From: no author Date: Wed, 1 Sep 1999 18:15:08 +0000 (+0000) Subject: This commit was manufactured by cvs2svn to create tag X-Git-Tag: krb5-1.1-beta1 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ed5bf45d0a1461bfac1f30e47ab0442317831268;p=krb5.git This commit was manufactured by cvs2svn to create tag 'krb5-1-1-beta1'. git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-1-beta1@11757 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/README b/README index 43e70c938..e20874cf3 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ - Kerberos Version 5, Release 1.0 + Kerberos Version 5, Release 1.1 Release Notes @@ -8,11 +8,11 @@ Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in three gzipped tarfiles, -krb5-1.0.src.tar.gz, krb5-1.0.doc.tar.gz, and krb5-1.0.crypto.tar.gz. -The krb5-1.0.doc.tar.gz contains the doc/ directory and this README -file. The krb5-1.0.src.tar.gz contains the src/ directory and this +krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz. +The krb5-1.1.doc.tar.gz contains the doc/ directory and this README +file. The krb5-1.1.src.tar.gz contains the src/ directory and this README file, except for the crypto library sources, which are in -krb5-1.0.crypto.tar.gz. +krb5-1.1.crypto.tar.gz. Instruction on how to extract the entire distribution follow. These directions assume that you want to extract into a directory called @@ -22,56 +22,21 @@ If you have the GNU tar program and gzip installed, you can simply do: mkdir DIST cd DIST - gtar zxpf krb5-1.0.src.tar.gz - gtar zxpf krb5-1.0.crypto.tar.gz - gtar zxpf krb5-1.0.doc.tar.gz + gtar zxpf krb5-1.1.src.tar.gz + gtar zxpf krb5-1.1.crypto.tar.gz + gtar zxpf krb5-1.1.doc.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: mkdir DIST cd DIST - gzcat krb5-1.0.src.tar.gz | tar xpf - - gzcat krb5-1.0.crypto.tar.gz | tar xpf - - gzcat krb5-1.0.doc.tar.gz | tar xpf - - -Both of these methods will extract the sources into DIST/krb5-1.0/src -and the documentation into DIST/krb5-1.0/doc. - -Unpacking the Binary Distribution ---------------------------------- - -Binary distributions of Kerberos V5 are provided merely as convenience -to those people who wish to try out Kerberos V5 without needing to do -a full compile of Kerberos. - -MIT and the MIT Kerberos V5 development team make no guarantees that -we will continue to supply binary distributions for future releases of -Kerberos V5, or for any operating system/platform in particular. -These binary distributions have been prepared by members of the MIT -Kerberos V5 development team, or by volunteers who have graciously -agreed to test the pre-release snapshot. Each binary build is PGP -signed by the person who prepared the binary distribution for that -particular platform. - -While the binary distribution is *supposed* to correspond exactly to -the 1.0 Kerberos V5 source release, you have no way of knowing whether -the person who prepared the binary release might have inserted a -trojan horse, or a trapdoor. For all you know, the binary -distribution might be mailing all of your Kerberos keys to -kremvax!boris. (The same is true for the source distribution, but at -least you can audit the code yourself!) - -For this reason, if you are planning on using Kerberos V5 in -production, we strongly suggest that you obtain the source -distribution and compile it from source yourself. - -The binary distributions have been compiled so that they will install -in /usr/local. To install, su to root and and type the command: - - cd /usr/local - gunzip < /tmp/krb5-1.0..tar.gz | tar xvf - + gzcat krb5-1.1.src.tar.gz | tar xpf - + gzcat krb5-1.1.crypto.tar.gz | tar xpf - + gzcat krb5-1.1.doc.tar.gz | tar xpf - +Both of these methods will extract the sources into DIST/krb5-1.1/src +and the documentation into DIST/krb5-1.1/doc. Building and Installing Kerberos 5 ---------------------------------- @@ -99,54 +64,43 @@ If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs@mit.edu. -Notes and Major Changes ------------------------ - -* We are now using the GNATS system to track bug reports for Kerberos -V5. It is therefore helpful for people to use the krb5-send-pr -program when reporting bugs. The old interface of sending mail to -krb5-bugs@mit.edu will still work; however, bug reports sent in this -fashion may experience a delay in being processed. - -* The default keytab name has changed from /etc/v5srvtab to -/etc/krb5.keytab. - -* login.krb5 no longer defaults to getting krb4 tickets. - -* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to -KRB5_16.DLL. This change was necessary to distinguish it from the -win32 version, which will be named KRB5_32.DLL. Note that the -GSSAPI.DLL file has not been renamed, because this name was specified -in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit -version of the GSSAPI DLL will be named GSSAPI32.DLL.) - -* The directory structure used for installations has changed. In -particular, files previously located in $prefix/lib/krb5kdc are now -normally located in $sysconfdir/krb5kdc. With the normal configure -options, this means the KDC database goes in /usr/local/var/krb5kdc by -default. If you wish to have the old behavior, then you would use a -configure line like the following: - - configure --prefix=/usr/local --sysconfdir=/usr/local/lib - -* kshd has been modified to accept krb4 encrypted rcp connections; for -this to work, the v4rcp program must be in the bin directory. - -* The gssrpc library has symbol collisions with the rpc library in -some of the libcs in certain operating systems without shared -libraries, notably some ports of NetBSD and MkLinux. For those -platforms which have rpc in libc and also contain NIS in libc, -compiling with static libraries will not work because of this -conflict. NetBSD users can either upgrade to the current tree, which -includes shared libraries for more ports, choose not to build kadmind -or kadmin, or recompile NetBSD without NIS support. MkLinux users -must either recompile without NIS or not build the administration -system. +Notes, Major Changes, and Known Bugs +------------------------------------ + +* Triple DES support is included; however, it is only usable for + service keys at the moment, due to a large number of compatibility + issues. For example, the GSSAPI library has some (buggy) support + for a triple DES session key, but it is intentionally disabled. + More here later. + +* The lib/rpc tests do not appear to work under NetBSD-1.4, for + reasons that are not completely clear at the moment, but probably + have something to do with portmapper interfacing. This should not + affect other operations, such as kadmind operation. + +* Shared library builds are under a new framework; at this point only + Solaris, Irix, NetBSD, and possibly Linux are known to work. All + other working shared library builds may be figments of your + imagination. + +* Many existing databases, especially those converted from krb4 + original databases, may contain expiration dates in 1999. You + should make sure to update these expiration dates, and also change + any config file entries that have two-digit years. + +* Not all reported bugs have been fixed in this release, due to time + constraints. We are planning to make another release in the near + future with more complete triple DES support, and additional + bugfixes. Many of the bugs in our database are reported against + what is now quite old code, or require hardware that we do not have, + which make them difficult to reproduce and debug. We will work on + these older bugs and some externally submitted patches for the + following release. Copyright Notice and Legal Administrivia ---------------------------------------- -Copyright (C) 1996 by the Massachusetts Institute of Technology. +Copyright (C) 1985-1999 by the Massachusetts Institute of Technology. All rights reserved. @@ -171,7 +125,7 @@ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Individual source code files are copyright MIT, Cygnus Support, -OpenVision, Oracle, Sun Soft, and others. +OpenVision, Oracle, Sun Soft, FundsXpress, and others. Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology @@ -253,7 +207,9 @@ Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes. Thanks to the members of the Kerberos V5 development team at MIT, both -past and present: Jay Berkenbilt, Richard Basch, John Carr, Don -Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John -Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris -Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu. +past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John +Carr, Don Davis, Alexis Ellwood, Nancy Gilman, Matt Hancher, Sam +Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey +King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul +Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff +Schiller, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. diff --git a/doc/ChangeLog b/doc/ChangeLog index 49002f24f..d351b47e5 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,14 @@ +1999-08-31 Ken Raeburn + + * admin.texinfo (Kadmin Options): Describe -e option. + (The User/Kerberos Interaction): Renamed from User--Kerberos to + avoid an apparent makeinfo 1.68 bug. + (realms (kdc.conf)): Document kdc_supported_enctypes, and mention + how des3 can be used there. Add des-cbc-crc:v4 to both enctype + lists, in the descriptions and in the examples. Delete + encryption_type, which doesn't exist. + (Date Format): Avoid 2-digit years, and add a warning about them. + Fri Dec 13 15:10:44 1996 Tom Yu * admin.texinfo (The User--Kerberos Interaction): The environment diff --git a/doc/admin.texinfo b/doc/admin.texinfo index 7e70d28c7..64a580a3e 100644 --- a/doc/admin.texinfo +++ b/doc/admin.texinfo @@ -139,7 +139,7 @@ Service for Open Network Systems}, a paper presented at Winter USENIX * Kerberos Realms:: * The Ticket-Granting Ticket:: * Network Services and the Master Database:: -* The User--Kerberos Interaction:: +* The User/Kerberos Interaction:: * Definitions:: @end menu @@ -210,7 +210,7 @@ just a file in @code{/tmp}. The credentials cache is also called the @dfn{ticket file}, especially in Kerberos V4 documentation. Note, however, that a credentials cache does not have to be stored in a file. -@node Network Services and the Master Database, The User--Kerberos Interaction, The Ticket-Granting Ticket, How Kerberos Works +@node Network Services and the Master Database, The User/Kerberos Interaction, The Ticket-Granting Ticket, How Kerberos Works @section Network Services and the Master Database The master database also contains entries for all network services that @@ -258,8 +258,8 @@ services that run as root are usually stored in the keytab file of the service's password, and must be kept secure. Data which is meant to be read only by the service is encrypted using this key. -@node The User--Kerberos Interaction, Definitions, Network Services and the Master Database, How Kerberos Works -@section The User--Kerberos Interaction +@node The User/Kerberos Interaction, Definitions, Network Services and the Master Database, How Kerberos Works +@section The User/Kerberos Interaction Suppose that you walk up to a host intending to login to it, and then @samp{rlogin} to the machine @samp{laughter}. Here's what happens: @@ -324,7 +324,7 @@ login. @end enumerate @end enumerate -@node Definitions, , The User--Kerberos Interaction, How Kerberos Works +@node Definitions, , The User/Kerberos Interaction, How Kerberos Works @section Definitions Following are definitions of some of the Kerberos terminology. @@ -839,10 +839,6 @@ in this realm. not allowed as passwords. The default is @code{@value{ROOTDIR}/var/krb5kdc/kadm5.dict}. -@itemx encryption_type -(Encryption type string.) Specifies the encryption type used for this -realm. Only "des-cbc-crc" is supported at this time. - @itemx kadmind_port (Port number.) Specifies the port that the kadmind daemon is to listen for this realm. The assigned port for kadmind is 749. @@ -875,9 +871,25 @@ valid ticket may be renewed in this realm. @itemx supported_enctypes List of key:salt strings. Specifies the default key/salt combinations -of principals for this realm. Since only the encryption type -"des-cbc-crc" is supported, you should set this tag to -@samp{des-cbc-crc:normal}. +of principals for this realm. Any principals created through +@code{kadmin} will have keys of these types. Since only the encryption +type "des-cbc-crc" is supported, you should set this tag to +@samp{des-cbc-crc:normal des-cbc-crc:v4}. + +@itemx kdc_supported_enctypes +List of key:salt strings. Specifies the permitted key/salt combinations +of principals for this realm. You should set this tag to +@samp{des-cbc-crc:normal des-cbc-crc:v4}. + +@b{Note:} You may also use @samp{des3-cbc-sha1:normal} before +@samp{des-cbc-crc:normal} if you wish to support triple-DES service keys +in addition to DES service keys. In order to create such service keys, +you must use the @code{-e} option to @code{kadmin.local}, running on the +KDC system itself; the remote @code{kadmin} client does not allow this +option. We do not currently support the use of triple-DES keys anywhere +other than for service keys. + + @end table @node Sample kdc.conf File, , realms (kdc.conf), kdc.conf @@ -896,7 +908,8 @@ Here's an example of a @code{kdc.conf} file: max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s master_key_type = des-cbc-crc - supported_enctypes = des-cbc-crc:normal + supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 + kdc_supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 @} [logging] @@ -993,6 +1006,16 @@ unauthorized users gain read access to the script. @item @b{-q} @i{query} Pass @i{query} directly to @code{kadmin}. This is useful for writing scripts that pass specific queries to @code{kadmin}. + +@item @b{-e} @i{"enctypes ..."} +@b{(For @code{kadmin.local} only.)} +Sets the list of cryptosystem and salt types to be used for any new keys +created. Available types include @samp{des3-cbc-sha1:normal}, +@samp{des-cbc-crc:normal}, and @samp{des-cbc-crc:v4}. In this release, +the @samp{des3-cbc-sha1:normal} type should only be used when +registering service principals; for any services that may request +tickets themselves to initiate some action, it should be combined with +one or more of the other types. @end table @node Date Format, Principals, Kadmin Options, Administrating Kerberos Database Entries @@ -1016,12 +1039,15 @@ tomorrow now "second Monday" fortnight -"3/31/92 10:00:07 PST" -"January 23, 1987 10:05pm" +"3/31/1992 10:00:07 PST" +"January 23, 2007 10:05pm" "22:00 GMT" @end group @end smallexample +Two-digit years are allowed in places, but the use of this form is not +recommended. + Note that if the date specification contains spaces, you must enclose it in double quotes. Note also that you cannot use a number without a unit. (I.e., ``"60 seconds"'' is correct, but ``60'' is incorrect.) diff --git a/doc/api/ChangeLog b/doc/api/ChangeLog index a26f66faa..b1145f18f 100644 --- a/doc/api/ChangeLog +++ b/doc/api/ChangeLog @@ -1,3 +1,8 @@ +1999-08-30 Ken Raeburn + + * libdes.tex: Don't use ncs style; it's availability is dependent + on the local TeX installation. + 1999-01-20 Theodore Ts'o * krb5.tex (krb5_mk_safe): Fix reference to a non-existent flag. diff --git a/doc/api/libdes.tex b/doc/api/libdes.tex index c53c81350..71e75c59b 100644 --- a/doc/api/libdes.tex +++ b/doc/api/libdes.tex @@ -1,4 +1,4 @@ -\documentstyle[ncs,fixunder,functions,twoside]{article} +\documentstyle[fixunder,functions,twoside]{article} \setlength{\oddsidemargin}{0.25in} \setlength{\evensidemargin}{-0.25in} \setlength{\topmargin}{-.5in} diff --git a/src/ChangeLog b/src/ChangeLog index 2eab397b1..199d5bf83 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,16 @@ +1999-08-27 Danilo Almeida + + * Makefile.in: Add some missing dirs needed for generating a proper + kerbsrc.zip. Make krbsrc83.zip obsolete. + +1999-08-13 Brad Thompson + + * aclocal.m4: Added MacOS X shared library support. + +1999-08-09 Danilo Almeida + + * Makefile.in: Build kpasswd under windows. + 1999-07-22 Tom Yu * Makefile.in (install-mkdirs): Use mkinstalldirs rather than diff --git a/src/Makefile.in b/src/Makefile.in index d4aba1439..7aeab2075 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -131,6 +131,7 @@ config-windows:: Makefile-windows WINMAKEFILES=Makefile \ clients\Makefile clients\kdestroy\Makefile \ clients\kinit\Makefile clients\klist\Makefile \ + clients\kpasswd\Makefile \ include\Makefile include\krb5\Makefile \ lib\Makefile lib\crypto\Makefile \ lib\crypto\crc32\Makefile lib\crypto\des\Makefile \ @@ -175,6 +176,8 @@ WINMAKEFILES=Makefile \ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##clients\klist\Makefile: clients\klist\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##clients\kpasswd\Makefile: clients\kpasswd\Makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##include\Makefile: include\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##include\krb5\Makefile: include\krb5\Makefile.in $(MKFDEP) @@ -300,6 +303,7 @@ ren2long: ZIP=zip FILES= ./* \ clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \ + clients/kpasswd/* \ config/* include/* include/kerberosIV/* \ include/krb5/* include/krb5/stock/* include/sys/* lib/* \ lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \ @@ -312,9 +316,9 @@ FILES= ./* \ lib/krb5/ccache/* lib/krb5/ccache/file/* lib/krb5/ccache/memory/* \ lib/krb5/ccache/stdio/* lib/krb5/ccache/ccapi/* \ lib/krb5/error_tables/* \ - lib/krb5/keytab/* lib/krb5/keytab/file/* \ + lib/krb5/keytab/* lib/krb5/keytab/file/* lib/krb5/keytab/srvtab/* \ lib/krb5/os/* lib/krb5/posix/* lib/krb5/rcache/* \ - util/et/* util/profile/* + util/* util/et/* util/profile/* WINFILES= util/windows/* windows/* windows/lib/* windows/cns/* \ windows/wintel/* windows/gss/* windows/gina/* @@ -381,15 +385,14 @@ dos-Makefile: prep-windows: dos-Makefile awk-windows-mac -# Not supported.... -krbsrc83.zip: dos-Makefile awk-windows-mac winfile.list - rm -f krbsrc83.zip - $(ZIP) -@Dlk krbsrc83.zip < winfile.list - $(ZIP) -Dk krbsrc83.zip $(WINBINARYFILES) - if test -d mit ; then \ - $(ZIP) -rDk krbsrc83.zip $(MITWINBINARYFILES) ; \ - fi - rm -f $(CLEANUP) +krbsrc83.zip: krbsrc83-is-obsolete + +krbsrc83-is-obsolete: + @echo "Win16 and krbsrc83.zip are no longer supported." + @echo "We don't support building under 8.3 restricted filesystems" + @echo "anymore. You can still build for Win32 on filesystems" + @echo "without 8.3 restrictions using kerbsrc.zip" + @echo " " kerbsrc.zip: dos-Makefile awk-windows-mac winfile.list rm -f kerbsrc.zip @@ -403,7 +406,7 @@ kerbsrc.zip: dos-Makefile awk-windows-mac winfile.list kerbsrc-nt.zip: kerbsrc-nt-is-obsolete kerbsrc-nt-is-obsolete: - @echo "Kerbsrc-nt.zip is now obsolete. Just use and build kerbsrc.zip" + @echo "kerbsrc-nt.zip is now obsolete. Just use and build kerbsrc.zip" @echo "We don't support building under 8.3 restricted filesystems" @echo "anymore, so what was kerbsrc-nt.zip is now kerbsrc.zip." @echo " " @@ -520,3 +523,4 @@ mkbin: $(CP) clients\klist\$(OUTPRE)klist.exe $(KBINDIR)\. $(CP) clients\kinit\$(OUTPRE)kinit.exe $(KBINDIR)\. $(CP) clients\kdestroy\$(OUTPRE)kdestroy.exe $(KBINDIR)\. + $(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe $(KBINDIR)\. diff --git a/src/aclocal.m4 b/src/aclocal.m4 index aca3d0bc7..b4e6b4abe 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -1093,6 +1093,19 @@ mips-*-netbsd*) PROFFLAGS=-pg ;; +*-*-macos10*) + PICFLAGS=-fno-common + SHLIBVEXT='.$(LIBMAJOR).$(LIBMINOR).dylib' + SHLIBSEXT='.$(LIBMAJOR).dylib' + SHLIB_EXPFLAGS='$(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIBEXT=.dylib + SHOBJEXT=.so + LDCOMBINE='cc -dynamiclib -dylib_compatibility_version=$(LIBMAJOR).$(LIBMINOR) -dylib_current_version=$(LIBMAJOR).$(LIBMINOR)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) -static' + RUN_ENV='DYLD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export DYLD_LIBRARY_PATH;' + ;; + *-*-solaris*) if test "$krb5_cv_prog_gcc" = yes; then PICFLAGS=-fpic diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 1a941cd53..1fe7f5abb 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,24 @@ +1999-08-24 Tom Yu + + * Makefile.in (kshd): Remove $(LOGINLIBS) from kshd dependencies. + +1999-08-23 Ken Raeburn + + * krlogin.c (main): Error out if -D isn't followed by another + argument. Based on patch from Brad Thompson. + + * krshd.c (v4_kdata, v4_ticket): Don't define if KRB5_KRB4_COMPAT + is not defined. Patch from Brad Thompson. + + * kcmd.c (kcmd): If krb5_get_credentials returns a nonzero error + code, print an error message before returning. + +1999-08-17 Ken Raeburn + + * krlogin.c (main): If ospeed is outside of compiled-in table + index range but not high enough to be a baud rate, use the highest + rate in the table. + 1999-08-02 Ken Raeburn and Brad Thompson diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in index 3eb020fb9..faeaff4c3 100644 --- a/src/appl/bsd/Makefile.in +++ b/src/appl/bsd/Makefile.in @@ -63,7 +63,7 @@ install:: ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ fi -kshd: krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_DEPLIB) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS) +kshd: krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(CC_LINK) -o kshd krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_LIB) $(UTIL_LIB) $(KRB4COMPAT_LIBS) klogind: krlogind.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS) diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 6b0eafcde..0e68f88e7 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -339,7 +339,11 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, status = krb5_get_credentials(bsd_context, 0, cc, get_cred, &ret_cred); krb5_free_creds(bsd_context, get_cred); (void) krb5_cc_close(bsd_context, cc); - if (status) goto bad2; + if (status) { + fprintf (stderr, "error getting credentials: %s\n", + error_message (status)); + goto bad2; + } /* Reset internal flags; these should not be sent. */ authopts &= (~OPTS_FORWARD_CREDS); diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index 0bfb3ef57..0a8e7902e 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -383,6 +383,11 @@ main(argc, argv) if (argc > 0 && !strcmp(*argv, "-D")) { argv++; argc--; + if (*argv == NULL) { + fprintf (stderr, + "rlogin: -D flag must be followed by the debug port.\n"); + exit (1); + } debug_port = htons(atoi(*argv)); argv++; argc--; goto another; @@ -545,6 +550,10 @@ main(argc, argv) /* On some systems, ospeed is the baud rate itself, not a table index. */ sprintf (term + strlen (term), "%d", ospeed); + else if (ospeed >= sizeof(speeds)/sizeof(char*)) + /* Past end of table, but not high enough to + look like a real speed. */ + (void) strcat (term, speeds[sizeof(speeds)/sizeof(char*) - 1]); else { (void) strcat(term, speeds[ospeed]); } diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 2a1391704..3844087bb 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -529,8 +529,10 @@ char *kremuser; krb5_principal client; krb5_authenticator *kdata; +#ifdef KRB5_KRB4_COMPAT AUTH_DAT *v4_kdata; KTEXT v4_ticket; +#endif int auth_sys = 0; /* Which version of Kerberos used to authenticate */ diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 4c287d294..893c318d5 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,7 @@ +1999-08-27 Tom Yu + + * ftp.c: Diable krb5-mech2 for now. + Tue May 11 11:58:00 1999 Ezra Peisach * ftp.c: Inclusion of gssapi_krb5.h requires gssapi_generic.h. diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index c6e47bdec..bccd2facc 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -1877,9 +1877,7 @@ struct { const gss_OID_desc * const * mech_type; char *service_name; } gss_trials[] = { - { &gss_mech_krb5_v2, "ftp" }, { &gss_mech_krb5, "ftp" }, - { &gss_mech_krb5_v2, "host" }, { &gss_mech_krb5, "host" }, }; int n_gss_trials = sizeof(gss_trials)/sizeof(gss_trials[0]); diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index c3a779a42..73985a2da 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,11 @@ +1999-08-31 17:28 Jeffrey Altman + + * kerberos5.c: Corrections to yesterday's change. + +1999-08-30 16:55 Jeffrey Altman + + * kerberos5.c: Ensure that only "host" service tickets are accepted. + Wed Feb 3 22:59:27 1999 Theodore Y. Ts'o * kerberos5.c: Increase size of str_data so that we can accept diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 73b2c8780..5985531fe 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -377,7 +377,7 @@ kerberos5_is(ap, data, cnt) #ifdef ENCRYPTION Session_Key skey; #endif - char errbuf[128]; + char errbuf[320]; char *name; char *getenv(); krb5_data inbuf; @@ -423,6 +423,27 @@ kerberos5_is(ap, data, cnt) (void) strcat(errbuf, error_message(r)); goto errout; } + + /* 256 bytes should be much larger than any reasonable first component */ + /* of a service name especially since the default is of length 4. */ + if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) { + char princ[256]; + strncpy(princ, + krb5_princ_component(telnet_context, ticket->server,0)->data, + krb5_princ_component(telnet_context, ticket->server,0)->length); + princ[krb5_princ_component(telnet_context, + ticket->server,0)->length] = '\0'; + if ( strcmp("host", princ) ) + { + (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"", + princ, "host"); + goto errout; + } + } else { + (void) strcpy(errbuf, "service name too long"); + goto errout; + } + r = krb5_auth_con_getauthenticator(telnet_context, auth_context, &authenticator); @@ -557,7 +578,7 @@ kerberos5_is(ap, data, cnt) errout: { - char eerrbuf[128+9]; + char eerrbuf[329]; strcpy(eerrbuf, "telnetd: "); strcat(eerrbuf, errbuf); diff --git a/src/clients/ChangeLog b/src/clients/ChangeLog index 7aa79e60a..84c16224b 100644 --- a/src/clients/ChangeLog +++ b/src/clients/ChangeLog @@ -1,3 +1,7 @@ +1999-08-09 Danilo Almeida + + * Makefile.in: Build kpasswd under windows. + Tue May 18 19:52:56 1999 Danilo Almeida * Makefile.in: Remove - from recursive Win32 make invocation. diff --git a/src/clients/Makefile.in b/src/clients/Makefile.in index ada6fd0c1..931bdc0c9 100644 --- a/src/clients/Makefile.in +++ b/src/clients/Makefile.in @@ -16,6 +16,9 @@ all-windows:: @echo Making all in clients\kinit cd ..\kinit $(MAKE) -$(MFLAGS) + @echo Making all in clients\kpasswd + cd ..\kpasswd + $(MAKE) -$(MFLAGS) cd .. clean-windows:: diff --git a/src/clients/kdestroy/ChangeLog b/src/clients/kdestroy/ChangeLog index f3d51232b..164834415 100644 --- a/src/clients/kdestroy/ChangeLog +++ b/src/clients/kdestroy/ChangeLog @@ -1,3 +1,7 @@ +1999-08-09 Danilo Almeida + + * Makefile.in: Use standard windows exe link flags. + Mon May 10 15:09:31 1999 Danilo Almeida * Makefile.in: Do win32 build in subdir. diff --git a/src/clients/kdestroy/Makefile.in b/src/clients/kdestroy/Makefile.in index 9489d2fa9..c569e42d2 100644 --- a/src/clients/kdestroy/Makefile.in +++ b/src/clients/kdestroy/Makefile.in @@ -22,7 +22,7 @@ kdestroy: kdestroy.o $(KRB5_BASE_DEPLIBS) ##WIN32##all-windows:: $(OUTPRE)kdestroy.exe ##WIN32##$(OUTPRE)kdestroy.exe: $(OUTPRE)kdestroy.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) -##WIN32## link /nologo /out:$@ $** +##WIN32## link $(LINKOPTS2) -out:$@ $** clean-unix:: diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index fa18f1004..c7563c71a 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,17 @@ +1999-08-25 Ken Raeburn + + * kinit.c (optind, optarg) [sun]: Declare on SunOS 4. Maybe + declare unconditionally, in the future. + +1999-08-12 Ken Raeburn + + * kinit.c (main): Initialize cache_name to null, in case it's not + set. + +1999-08-09 Danilo Almeida + + * Makefile.in: Use standard windows exe link flags. + Mon May 10 15:13:37 1999 Danilo Almeida * Makefile.in: Do win32 build in subdir. diff --git a/src/clients/kinit/Makefile.in b/src/clients/kinit/Makefile.in index 071d653f7..cff0dc9db 100644 --- a/src/clients/kinit/Makefile.in +++ b/src/clients/kinit/Makefile.in @@ -21,7 +21,7 @@ kinit: kinit.o $(KRB5_BASE_DEPLIBS) ##WIN32##all-windows:: $(OUTPRE)kinit.exe ##WIN32##$(OUTPRE)kinit.exe: $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) -##WIN32## link /nologo /out:$@ $** +##WIN32## link $(LINKOPTS2) -out:$@ $** clean-unix:: diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index c29b26e6c..6ed1b2f9f 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -33,6 +33,11 @@ #else #ifdef HAVE_UNISTD_H #include +#ifdef sun +/* SunOS4 unistd didn't declare these; okay to make unconditional? */ +extern int optind; +extern char *optarg; +#endif /* sun */ #else extern int optind; extern char *optarg; @@ -101,7 +106,7 @@ main(argc, argv) krb5_get_init_creds_opt opts; char *service_name = NULL; krb5_keytab keytab = NULL; - char *cache_name; + char *cache_name = NULL; krb5_ccache ccache = NULL; enum { INIT_PW, INIT_KT, RENEW, VALIDATE} action; int errflg = 0, idx, i; diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 3f1cc6930..98cd6e662 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,17 @@ +1999-09-01 Danilo Almeida + + * klist.c (do_ccache, show_credential): Use krb5_free_unparsed_name + instead of free. + +1999-08-26 Danilo Almeida + + * klist.c (show_credential): Index addresses array with i + in a loop instead of 1. (Thanks to jaltman@columbia.edu) + +1999-08-09 Danilo Almeida + + * Makefile.in: Use standard windows exe link flags. + Mon May 10 15:13:58 1999 Danilo Almeida * Makefile.in: Do win32 build in subdir. diff --git a/src/clients/klist/Makefile.in b/src/clients/klist/Makefile.in index b9be31653..5c5af91db 100644 --- a/src/clients/klist/Makefile.in +++ b/src/clients/klist/Makefile.in @@ -21,7 +21,7 @@ klist: klist.o $(KRB5_BASE_DEPLIBS) ##WIN32##all-windows:: $(OUTPRE)klist.exe ##WIN32##$(OUTPRE)klist.exe: $(OUTPRE)klist.obj $(KLIB) $(CLIB) -##WIN32## link /nologo /out:$@ $** wsock32.lib +##WIN32## link $(LINKOPTS2) -out:$@ $** wsock32.lib clean-unix:: diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 5d79a52e4..891d98013 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -248,7 +248,7 @@ void do_keytab(name) printf(")"); } printf("\n"); - free(pname); + krb5_free_unparsed_name(kcontext, pname); } if (code && code != KRB5_KT_END) { com_err(progname, code, "while scanning keytab"); @@ -447,7 +447,7 @@ show_credential(progname, kcontext, cred) retval = krb5_unparse_name(kcontext, cred->server, &sname); if (retval) { com_err(progname, retval, "while unparsing server name"); - free(name); + krb5_free_unparsed_name(kcontext, name); return; } if (!cred->times.starttime) @@ -527,15 +527,15 @@ show_credential(progname, kcontext, cred) for (i=1; cred->addresses[i]; i++) { printf(", "); - one_addr(cred->addresses[1]); + one_addr(cred->addresses[i]); } printf("\n"); } } - free(name); - free(sname); + krb5_free_unparsed_name(kcontext, name); + krb5_free_unparsed_name(kcontext, sname); } void one_addr(a) diff --git a/src/clients/kpasswd/ChangeLog b/src/clients/kpasswd/ChangeLog index 46f98c554..c61e68898 100644 --- a/src/clients/kpasswd/ChangeLog +++ b/src/clients/kpasswd/ChangeLog @@ -1,3 +1,8 @@ +1999-08-09 Danilo Almeida + + * kpasswd.c: + * Makefile.in: Build kpasswd under windows. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/clients/kpasswd/Makefile.in b/src/clients/kpasswd/Makefile.in index 2b7490820..dddc05b95 100644 --- a/src/clients/kpasswd/Makefile.in +++ b/src/clients/kpasswd/Makefile.in @@ -14,17 +14,17 @@ kpasswd: kpasswd.o $(KRB5_BASE_DEPLIBS) kpasswd.o: $(srcdir)/kpasswd.c all-unix:: kpasswd -all-windows:: kpasswd.exe clean-unix:: $(RM) kpasswd.o kpasswd -clean-windows:: - $(RM) kpasswd.obj kpasswd.exe - install-all install-kdc install-server install-client install-unix:: $(INSTALL_PROGRAM) kpasswd $(DESTDIR)$(CLIENT_BINDIR)/`echo kpasswd|sed '$(transform)'` $(INSTALL_DATA) $(srcdir)/kpasswd.M $(DESTDIR)$(CLIENT_MANDIR)/`echo kpasswd|sed '$(transform)'`.1; -kpasswd.exe: kpasswd.obj - link /out:kpasswd.exe kpasswd.obj $(BUILDTOP)\lib\libkrb5.lib +##WIN32##INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 +##WIN32##CFLAGS = $(CCOPTS2) $(INCLUDES) + +##WIN32##all-windows:: $(OUTPRE)kpasswd.exe +##WIN32##$(OUTPRE)kpasswd.exe: $(OUTPRE)kpasswd.obj $(KLIB) $(CLIB) +##WIN32## link $(LINKOPTS2) -out:$@ $** diff --git a/src/clients/kpasswd/kpasswd.c b/src/clients/kpasswd/kpasswd.c index 711c4ecd6..2e719d6de 100644 --- a/src/clients/kpasswd/kpasswd.c +++ b/src/clients/kpasswd/kpasswd.c @@ -1,20 +1,51 @@ #include #include -#include + +#ifndef _WIN32 #include +#endif #include #define P1 "Enter new password: " #define P2 "Enter it again: " +#ifdef HAVE_PWD_H +#include + +void get_name_from_passwd_file(program_name, kcontext, me) + char * program_name; + krb5_context kcontext; + krb5_principal * me; +{ + struct passwd *pw; + krb5_error_code code; + if (pw = getpwuid((int) getuid())) { + if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) { + com_err (program_name, code, "when parsing name %s", pw->pw_name); + exit(1); + } + } else { + fprintf(stderr, "Unable to identify user from password file\n"); + exit(1); + } +} +#else /* HAVE_PWD_H */ +void get_name_from_passwd_file(kcontext, me) + krb5_context kcontext; + krb5_principal * me; +{ + fprintf(stderr, "Unable to identify user\n"); + exit(1); +} +#endif /* HAVE_PWD_H */ + int main(int argc, char *argv[]) { krb5_error_code ret; krb5_context context; krb5_principal princ; char *pname; - struct passwd *pwd; krb5_ccache ccache; krb5_get_init_creds_opt opts; krb5_creds creds; @@ -40,7 +71,9 @@ int main(int argc, char *argv[]) exit(1); } +#if 0 krb5_init_ets(context); +#endif /* in order, use the first of: - a name specified on the command line @@ -70,15 +103,8 @@ int main(int argc, char *argv[]) com_err(argv[0], ret, "closing ccache"); exit(1); } - } else if (pwd = getpwuid(getuid())) { - if (ret = krb5_parse_name(context, pwd->pw_name, &princ)) { - com_err(argv[0], ret, "parsing client name"); - exit(1); - } } else { - com_err(argv[0], 0, - "no matching password entry while looking for username"); - exit(1); + get_name_from_passwd_file(argv[0], context, &princ); } krb5_get_init_creds_opt_init(&opts); diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog index 44dc8989d..620e14d14 100644 --- a/src/clients/ksu/ChangeLog +++ b/src/clients/ksu/ChangeLog @@ -1,3 +1,9 @@ +1999-08-23 Ken Raeburn + + * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES + when calling krb5_cc_retrieve_cred. + * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto. + Fri Mar 12 18:52:18 1999 Tom Yu * main.c (main): Fix cleanup code for setluid() failure. diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c index 40858fb3a..a8a180090 100644 --- a/src/clients/ksu/heuristic.c +++ b/src/clients/ksu/heuristic.c @@ -451,7 +451,7 @@ krb5_error_code find_ticket (context, cc, client, server, found) if (retval= krb5_copy_principal(context, server, &tgtq.server)) return retval ; - retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, &tgtq, &tgt); if (! retval) retval = krb5_check_exp(context, tgt.times); diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index e5a489f91..fb0f547fb 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -125,8 +125,9 @@ krb5_boolean zero_password; } if (auth_debug){ dump_principal(context, "local tgt principal name", tgtq.server ); } - retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, - &tgtq, &tgt); + retval = krb5_cc_retrieve_cred(context, cc, + KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, + &tgtq, &tgt); if (! retval) retval = krb5_check_exp(context, tgt.times); @@ -260,8 +261,9 @@ krb5_error_code retval; return (FALSE) ; } - if ((retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, - &tgtq, &tgt))){ + if ((retval = krb5_cc_retrieve_cred(context, cc, + KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, + &tgtq, &tgt))){ if (auth_debug) com_err(prog_name, retval,"While Retrieving credentials"); return (FALSE) ; diff --git a/src/config/ChangeLog b/src/config/ChangeLog index 22bc43380..cb1dae4af 100644 --- a/src/config/ChangeLog +++ b/src/config/ChangeLog @@ -1,3 +1,17 @@ +1999-08-23 Ken Raeburn + + * config.guess: Recognize Rhapsody OS. + * config.sub: Recognize OS name "rhapsody*". + +1999-08-17 Ken Raeburn + + * post.in (*-recurse): If an error occurs when using -k, report an + error after finishing all the subdirectories. + +1999-08-13 Brad Thompson + + * config.sub: Now recognizes MacOS 10 as a valid OS. + 1999-07-30 Ken Raeburn * config.guess: Add MacOS 10 support. (Submitted to autoconf diff --git a/src/config/config.guess b/src/config/config.guess index c4cdae72f..98fea7b84 100644 --- a/src/config/config.guess +++ b/src/config/config.guess @@ -810,6 +810,19 @@ EOF BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit 0 ;; +# MIT addition + Power\ Macintosh:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; +# MIT addition + powerpc:Rhapsody:*:*) + echo powerpc-unknown-rhapsody${UNAME_RELEASE} + exit 0 ;; +# MIT addition + i?86:Rhapsody:*:*) + echo i386-unknown-rhapsody${UNAME_RELEASE} + exit 0 ;; +# MIT addition Power\ Macintosh:Mac\ OS:*:*) echo powerpc-apple-macos${UNAME_RELEASE} exit 0 ;; diff --git a/src/config/config.sub b/src/config/config.sub index 00bea6e6a..995263424 100644 --- a/src/config/config.sub +++ b/src/config/config.sub @@ -714,7 +714,7 @@ case $os in | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -uxpv* | -beos*) + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -macos* | -rhapsody*) # Remember, each alternative MUST END IN *, to match a version number. ;; -linux*) diff --git a/src/config/post.in b/src/config/post.in index 82bf72882..6a318288a 100644 --- a/src/config/post.in +++ b/src/config/post.in @@ -54,12 +54,13 @@ $(srcdir)/$(thisconfigdir)/configure: $(srcdir)/$(thisconfigdir)/configure.in \ all-recurse clean-recurse distclean-recurse install-recurse check-recurse Makefiles-recurse: @case "`echo 'x$(MFLAGS)'|sed -e 's/^x//' -e 's/ --.*$$//'`" \ - in *[ik]*) e=:;; *) e="exit 1";; esac; \ + in *[ik]*) e="status=1" ;; *) e="exit 1";; esac; \ if test -z "$(MY_SUBDIRS)" ; then \ do_subdirs="$(SUBDIRS)" ; \ else \ do_subdirs="$(MY_SUBDIRS)" ; \ fi; \ + status=0; \ if test -n "$$do_subdirs" && test -z "$(NORECURSE)"; then \ for i in $$do_subdirs ; do \ if test -d $$i ; then \ @@ -68,7 +69,7 @@ all-recurse clean-recurse distclean-recurse install-recurse check-recurse Makefi echo "making $$target in $(CURRENT_DIR)$$i..."; \ if (cd $$i ; $(MAKE) CC="$(CC)" CCOPTS="$(CCOPTS)" \ CURRENT_DIR=$(CURRENT_DIR)$$i/ $$target) then :; \ - else $$e; fi; \ + else eval $$e; fi; \ ;; \ esac; \ else \ @@ -76,4 +77,5 @@ all-recurse clean-recurse distclean-recurse install-recurse check-recurse Makefi fi; \ done; \ else :; \ - fi + fi;\ + exit $$status diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 453d67a5d..017cd8e27 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,42 @@ +1999-08-31 Jeffrey Altman + + * k5-int.h: Add #define ANSI_STDIO for Windows builds so that + stdio opens files in binary mode instead of text + mode. This is necessary for Ctrl-Z transparency. + +1999-08-30 Ken Raeburn + + * configure.in: Check for memmove and bcopy. + + * Makefile.in (install): Install profile.h since krb5.h will use + it. + +1999-08-26 Danilo Almeida + + * krb5.hin (krb5_kuserok): Fix calling convention to make it + consistent with rest of krb5 exports before we start exporting + this from the Windows DLL. + +1999-08-25 Danilo Almeida + + * k5-int.h (krb5_cc_retrieve_cred_default): Fix calling convention + to make it consistent with actual calling convention. + +1999-08-23 Ken Raeburn + + * krb5.hin (KRB5_TC_SUPPORTED_KTYPES): New flag. + * k5-int.h (krb5_cc_retrieve_cred_default): Declare. + +1999-08-18 Tom Yu + + * krb5.hin: Re-align des3-cbc-sha1 and hmac-sha1-des3 to agree + with new number assignments; also rename symbols a little bit. + +1999-08-09 Danilo Almeida + + * win-mac.h: Define MAXPATHLEN only if not already defined. This + avoids warnings under Windows. + 1999-08-04 Danilo Almeida * k5-int.h: Keep invariant that profile_in_memory member of context diff --git a/src/include/Makefile.in b/src/include/Makefile.in index db023fc69..5298a4b32 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -69,5 +69,6 @@ clean-windows:: cd .. @echo Making clean in include -install:: krb5.h +install:: krb5.h profile.h $(INSTALL_DATA) krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5.h + $(INSTALL_DATA) profile.h $(DESTDIR)$(KRB5_INCDIR)$(S)profile.h diff --git a/src/include/configure.in b/src/include/configure.in index 8a4c03d15..c99448ecf 100644 --- a/src/include/configure.in +++ b/src/include/configure.in @@ -5,7 +5,7 @@ AC_PROG_INSTALL AC_PROG_AWK AC_PROG_LEX AC_CONST -AC_CHECK_FUNCS(strdup labs setvbuf) +AC_CHECK_FUNCS(strdup labs setvbuf memmove bcopy) HAVE_YYLINENO CHECK_DIRENT AC_TYPE_UID_T diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 709d86631..cf25de11d 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -102,6 +102,7 @@ #define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */ #define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */ #define HAVE_LABS +#define ANSI_STDIO #endif @@ -1474,6 +1475,11 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes krb5_octet FAR * FAR *, size_t FAR *)); + +krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default + KRB5_PROTOTYPE((krb5_context, krb5_ccache, krb5_flags, + krb5_creds *, krb5_creds *)); + #if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) #pragma import reset #endif diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 0f4836a0b..45348b3df 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -363,8 +363,8 @@ typedef struct _krb5_enc_data { /* XXX deprecated? */ #define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ #define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ -#define ENCTYPE_DES3_HMAC_SHA1 0x0007 #define ENCTYPE_DES_HMAC_SHA1 0x0008 +#define ENCTYPE_DES3_CBC_SHA1 0x0010 #define ENCTYPE_UNKNOWN 0x01ff /* local crud */ /* marc's DES-3 with 32-bit length */ @@ -379,7 +379,7 @@ typedef struct _krb5_enc_data { #define CKSUMTYPE_RSA_MD5 0x0007 #define CKSUMTYPE_RSA_MD5_DES 0x0008 #define CKSUMTYPE_NIST_SHA 0x0009 -#define CKSUMTYPE_HMAC_SHA1 0x000a +#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #ifndef krb5_roundup /* round x up to nearest multiple of y */ @@ -1168,24 +1168,25 @@ typedef struct _krb5_cc_ops { #define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 #define KRB5_TC_MATCH_2ND_TKT 0x00000080 #define KRB5_TC_MATCH_KTYPE 0x00000100 +#define KRB5_TC_SUPPORTED_KTYPES 0x00000200 /* for set_flags and other functions */ #define KRB5_TC_OPENCLOSE 0x00000001 -#define krb5_cc_initialize(context, cache, principal) krb5_x((cache)->ops->init,(context, cache, principal)) -#define krb5_cc_gen_new(context, cache) krb5_x((*cache)->ops->gen_new,(context, cache)) -#define krb5_cc_destroy(context, cache) krb5_x((cache)->ops->destroy,(context, cache)) -#define krb5_cc_close(context, cache) krb5_x((cache)->ops->close,(context, cache)) -#define krb5_cc_store_cred(context, cache, creds) krb5_x((cache)->ops->store,(context, cache, creds)) -#define krb5_cc_retrieve_cred(context, cache, flags, mcreds, creds) krb5_x((cache)->ops->retrieve,(context, cache, flags, mcreds, creds)) -#define krb5_cc_get_principal(context, cache, principal) krb5_x((cache)->ops->get_princ,(context, cache, principal)) -#define krb5_cc_start_seq_get(context, cache, cursor) krb5_x((cache)->ops->get_first,(context, cache, cursor)) -#define krb5_cc_next_cred(context, cache, cursor, creds) krb5_x((cache)->ops->get_next,(context, cache, cursor, creds)) -#define krb5_cc_end_seq_get(context, cache, cursor) krb5_x((cache)->ops->end_get,(context, cache, cursor)) -#define krb5_cc_remove_cred(context, cache, flags, creds) krb5_x((cache)->ops->remove_cred,(context, cache,flags, creds)) -#define krb5_cc_set_flags(context, cache, flags) krb5_x((cache)->ops->set_flags,(context, cache, flags)) -#define krb5_cc_get_name(context, cache) krb5_xc((cache)->ops->get_name,(context, cache)) -#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix) +#define krb5_cc_initialize(context, cache, principal) krb5_x ((cache)->ops->init,(context, cache, principal)) +#define krb5_cc_gen_new(context, cache) krb5_x ((*cache)->ops->gen_new,(context, cache)) +#define krb5_cc_destroy(context, cache) krb5_x ((cache)->ops->destroy,(context, cache)) +#define krb5_cc_close(context, cache) krb5_x ((cache)->ops->close,(context, cache)) +#define krb5_cc_store_cred(context, cache, creds) krb5_x ((cache)->ops->store,(context, cache, creds)) +#define krb5_cc_retrieve_cred(context, cache, flags, mcreds, creds) krb5_x ((cache)->ops->retrieve,(context, cache, flags, mcreds, creds)) +#define krb5_cc_get_principal(context, cache, principal) krb5_x ((cache)->ops->get_princ,(context, cache, principal)) +#define krb5_cc_start_seq_get(context, cache, cursor) krb5_x ((cache)->ops->get_first,(context, cache, cursor)) +#define krb5_cc_next_cred(context, cache, cursor, creds) krb5_x ((cache)->ops->get_next,(context, cache, cursor, creds)) +#define krb5_cc_end_seq_get(context, cache, cursor) krb5_x ((cache)->ops->end_get,(context, cache, cursor)) +#define krb5_cc_remove_cred(context, cache, flags, creds) krb5_x ((cache)->ops->remove_cred,(context, cache,flags, creds)) +#define krb5_cc_set_flags(context, cache, flags) krb5_x ((cache)->ops->set_flags,(context, cache, flags)) +#define krb5_cc_get_name(context, cache) krb5_xc((cache)->ops->get_name,(context, cache)) +#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix) extern krb5_cc_ops *krb5_cc_dfl_ops; @@ -2153,7 +2154,7 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_realm_domain KRB5_PROTOTYPE((krb5_context, const char *, char ** )); -krb5_boolean krb5_kuserok +KRB5_DLLIMP krb5_boolean KRB5_CALLCONV krb5_kuserok KRB5_PROTOTYPE((krb5_context, krb5_principal, const char *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs diff --git a/src/include/krb5/k5-config.h b/src/include/krb5/k5-config.h deleted file mode 100644 index 9d2ec6c18..000000000 --- a/src/include/krb5/k5-config.h +++ /dev/null @@ -1,311 +0,0 @@ -/* - * Copyright 1990,1991,1994,1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Configuration definition file. - */ - - -#ifndef KRB5_CONFIG__ -#define KRB5_CONFIG__ - -#ifdef _MSDOS -/* - * Machine-type definitions: PC Clone 386 running Microloss Windows - */ - -/* Kerberos Windows initialization file */ -#define KERBEROS_INI "kerberos.ini" -#define INI_FILES "Files" -#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */ -#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */ - -#define KRB5_DBM_COMPAT__ /* Don't load dbm.h */ -#define KRB5_KDB5__ /* Don't load kdb.h */ -#define KRB5_KDB5_DBM__ /* Don't load kdb_dbm.h */ - -#define BITS16 -#define SIZEOF_INT 2 -#define SIZEOF_SHORT 2 -#define SIZEOF_LONG 4 -#define MAXHOSTNAMELEN 512 -#define MAXPATHLEN 256 /* Also for Windows temp files */ - -#define KRB5_USE_INET -#define MSDOS_FILESYSTEM -#define USE_STRING_H -#define HAVE_SRAND -#define HAVE_ERRNO -#define HAS_STRDUP -#define NO_USERID -#define NOFCHMOD -#define NOCHMOD -#define NO_PASSWORD -#define WM_KERBEROS5_CHANGED "Kerberos5 Changed" - -#define HAS_ANSI_VOLATILE -#define HAS_VOID_TYPE -#define KRB5_PROVIDE_PROTOTYPES -#define HAVE_STDARG_H -#define HAVE_SYS_TYPES_H - -#ifndef _SIZE_T_DEFINED -typedef unsigned int size_t; -#define _SIZE_T_DEFINED -#endif - -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ -#include -typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; -#endif /* KRB5_SYSTYPES__ */ - -#ifndef INTERFACE -#define INTERFACE __far __export __pascal -#define INTERFACE_C __far __export __cdecl -#endif - -/* - * The following defines are needed to make work - * in stdc mode (/Za flag). Winsock.h needs . - */ -#define FAR _far -#define NEAR _near -#define _far __far -#define _near __near -#define _pascal __pascal -#define _cdecl __cdecl -#define _huge __huge - -#ifdef NEED_WINDOWS -#include -#endif - -#ifdef NEED_LOWLEVEL_IO -/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o - * routines directly. Rather, they only export the _ version. - * The following defines works around this problem. - */ -#include -#include -#include -#include -#include -#define O_RDONLY _O_RDONLY -#define O_WRONLY _O_WRONLY -#define O_RDWR _O_RDWR -#define O_APPEND _O_APPEND -#define O_CREAT _O_CREAT -#define O_TRUNC _O_TRUNC -#define O_EXCL _O_EXCL -#define O_TEXT _O_TEXT -#define O_BINARY _O_BINARY -#define O_NOINHERIT _O_NOINHERIT -#define stat _stat -#define unlink _unlink -#define lseek _lseek -#define write _write -#define open _open -#define close _close -#define read _read -#define fstat _fstat -#define mktemp _mktemp -#define dup _dup - -#define getpid _getpid -#endif - -#ifdef NEED_SYSERROR -/* Only needed by util/et/error_message.c but let's keep the source clean */ -#define sys_nerr _sys_nerr -#define sys_errlist _sys_errlist -#endif - -/* XXX these should be parameterized soon... */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_RAW_DES_CBC -#define PROVIDE_CRC32 -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 -#define DEFAULT_PWD_STRING1 "Enter password:" -#define DEFAULT_PWD_STRING2 "Re-enter password for verification:" - -/* Functions with slightly different names on the PC -*/ -#define strcasecmp _stricmp -#define strdup _strdup -#define off_t _off_t - -#else /* Rest of include file is for non-Microloss-Windows */ - -#if defined(_MACINTOSH) -#include - -typedef struct { - int dummy; -} datum; - -#include - -#ifdef NEED_LOWLEVEL_IO -#include -#endif - -#ifndef _MWERKS -/* there is no for mpw */ -typedef unsigned long mode_t; -typedef unsigned long ino_t; -typedef unsigned long dev_t; -typedef short nlink_t; -typedef unsigned long uid_t; -typedef unsigned long gid_t; -typedef long off_t; -struct stat -{ - mode_t st_mode; /* File mode; see #define's below */ - ino_t st_ino; /* File serial number */ - dev_t st_dev; /* ID of device containing this file */ - nlink_t st_nlink; /* Number of links */ - uid_t st_uid; /* User ID of the file's owner */ - gid_t st_gid; /* Group ID of the file's group */ - dev_t st_rdev; /* Device type */ - off_t st_size; /* File size in bytes */ - unsigned long st_atime; /* Time of last access */ - unsigned long st_mtime; /* Time of last data modification */ - unsigned long st_ctime; /* Time of last file status change */ - long st_blksize; /* Optimal blocksize */ - long st_blocks; /* blocks allocated for file */ -}; - -int stat(const char *path, struct stat *buf); -int fstat(int fildes, struct stat *buf); - -#endif /* _MWERKS */ - -#define EFBIG 1000 - -#define NOFCHMOD 1 -#define NOCHMOD 1 -#define _MACSOCKAPI_ - -#define THREEPARAMOPEN(x,y,z) open(x,y) -#define MAXPATHLEN 255 - -/* protocol families same as address families */ -#define PF_INET AF_INET - -/* XXX these should be parameterized soon... */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_RAW_DES_CBC -#define PROVIDE_CRC32 -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 - -#else /* _MACINTOSH */ -#define THREEPARAMOPEN(x,y,z) open(x,y,z) -#endif /* _MACINTOSH */ - -#ifndef KRB5_AUTOCONF__ -#define KRB5_AUTOCONF__ -#include "autoconf.h" -#endif - -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ - -#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */ -#include -#else /* HAVE_SYS_TYPES_H */ -typedef unsigned long u_long; -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; -#endif /* HAVE_SYS_TYPES_H */ -#endif /* KRB5_SYSTYPES__ */ - -#ifdef SYSV -/* Change srandom and random to use rand and srand */ -/* Taken from the Sandia changes. XXX We should really just include */ -/* srandom and random into Kerberos release, since rand() is a really */ -/* bad random number generator.... [tytso:19920616.2231EDT] */ -#define random() rand() -#define srandom(a) srand(a) -#ifndef unicos61 -#define utimes(a,b) utime(a,b) -#endif /* unicos61 */ -#endif /* SYSV */ - -/* XXX these should be parameterized soon... */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_RAW_DES_CBC -#define PROVIDE_CRC32 -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 - -#define DEFAULT_PWD_STRING1 "Enter password:" -#define DEFAULT_PWD_STRING2 "Re-enter password for verification:" - -#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ -#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ -#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */ - -/* - * For paranoid DOE types that don't want to give helpful error - * messages to the client....er, attacker - */ -#undef KRBCONF_VAGUE_ERRORS - -/* - * Define this if you want the KDC to modify the Kerberos database; - * this allows the last request information to be updated, as well as - * the failure count information. - * - * Note that this doesn't work if you're using slave servers!!! It - * also causes the database to be modified (and thus need to be - * locked) frequently. - */ -#undef KRBCONF_KDC_MODIFIES_KDB - -/* - * Windows requires a different api interface to each function. Here - * just define it as NULL. - */ -#define INTERFACE -#define INTERFACE_C -#define FAR -#define NEAR -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -#ifndef HAS_LABS -#define labs(x) abs(x) -#endif - -#endif /* _MSDOS */ -#endif /* KRB5_CONFIG__ */ diff --git a/src/include/win-mac.h b/src/include/win-mac.h index d39e08b25..e2d37e00f 100644 --- a/src/include/win-mac.h +++ b/src/include/win-mac.h @@ -100,7 +100,9 @@ typedef unsigned char u_char; #endif /* KRB5_SYSTYPES__ */ #define MAXHOSTNAMELEN 512 +#ifndef MAXPATHLEN #define MAXPATHLEN 256 /* Also for Windows temp files */ +#endif #define HAVE_NETINET_IN_H #define MSDOS_FILESYSTEM diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index a43021458..a32feb5d1 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,9 @@ +1999-08-18 Ken Raeburn + + * getdate.y (Convert): Check for year past 2038. + (RelativeMonth): Check for error return from Convert. + (get_date): Check for error return from RelativeMonth. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/kadmin/cli/getdate.y b/src/kadmin/cli/getdate.y index c10c6a046..321603f9f 100644 --- a/src/kadmin/cli/getdate.y +++ b/src/kadmin/cli/getdate.y @@ -125,6 +125,7 @@ static char RCS[] = #define EPOCH 1970 +#define EPOCH_END 2038 /* assumes 32 bits */ #define HOUR(x) ((time_t)(x) * 60) #define SECSPERDAY (24L * 60L * 60L) @@ -595,11 +596,12 @@ Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode) if (Year < 0) Year = -Year; - if (Year < 100) + if (Year < 1900) Year += 1900; DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0) ? 29 : 28; if (Year < EPOCH + || Year > EPOCH_END || Month < 1 || Month > 12 /* Lint fluff: "conversion from long may lose accuracy" */ || Day < 1 || Day > DaysInMonth[(int)--Month]) @@ -661,6 +663,7 @@ RelativeMonth(Start, RelMonth) struct tm *tm; time_t Month; time_t Year; + time_t ret; if (RelMonth == 0) return 0; @@ -668,10 +671,12 @@ RelativeMonth(Start, RelMonth) Month = 12 * tm->tm_year + tm->tm_mon + RelMonth; Year = Month / 12; Month = Month % 12 + 1; - return DSTcorrect(Start, - Convert(Month, (time_t)tm->tm_mday, Year, - (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec, - MER24, DSTmaybe)); + ret = Convert(Month, (time_t)tm->tm_mday, Year, + (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec, + MER24, DSTmaybe); + if (ret == -1) + return ret; + return DSTcorrect(Start, ret); } @@ -861,6 +866,7 @@ get_date(p, now) struct my_timeb ftz; time_t Start; time_t tod; + time_t delta; yyInput = p; if (now == NULL) { @@ -972,7 +978,10 @@ get_date(p, now) * thoroughness? */ Start += yyRelSeconds; - Start += RelativeMonth(Start, yyRelMonth); + delta = RelativeMonth(Start, yyRelMonth); + if (delta == (time_t) -1) + return -1; + Start += delta; /* * Now, if you specified a day of week and counter, add it in. By diff --git a/src/kadmin/v4server/unit-test/ChangeLog b/src/kadmin/v4server/unit-test/ChangeLog index 5de301820..ebc0d2e42 100644 --- a/src/kadmin/v4server/unit-test/ChangeLog +++ b/src/kadmin/v4server/unit-test/ChangeLog @@ -1,3 +1,11 @@ +1999-08-31 Ken Raeburn + + * lib/helpers.exp (unexpire): Move expiration date ahead a few + decades. + + * Makefile.in (check- check-ok): Disable tests until the tests get + updated for non-OVSEC mode, etc. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/kadmin/v4server/unit-test/Makefile.in b/src/kadmin/v4server/unit-test/Makefile.in index 783c26ddf..b1f9c6346 100644 --- a/src/kadmin/v4server/unit-test/Makefile.in +++ b/src/kadmin/v4server/unit-test/Makefile.in @@ -8,13 +8,19 @@ BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U) check:: check-@DO_V4_TEST@ -check-:: +# When the tests get updated, nuke this and delete "-not" from the next two. +check- check-ok:: + @echo "+++" + @echo "+++ WARNING: kadmin/v4server unit tests out of date; not run." + @echo "+++" + +check--not:: @echo "+++" @echo "+++ WARNING: kadmin/v4server unit tests not run." @echo "+++ Either Athena compatibility, tcl, runtest, or Perl is unavailable." @echo "+++" -check-ok unit-test:: unit-test-setup unit-test-body unit-test-cleanup +check-ok-not unit-test:: unit-test-setup unit-test-body unit-test-cleanup unit-test-setup:: $(ENV_SETUP) $(START_SERVERS_LOCAL) -v4files -kdcport 750 -keysalt des-cbc-crc:v4 diff --git a/src/kadmin/v4server/unit-test/lib/helpers.exp b/src/kadmin/v4server/unit-test/lib/helpers.exp index 8338d3703..a3087dc14 100644 --- a/src/kadmin/v4server/unit-test/lib/helpers.exp +++ b/src/kadmin/v4server/unit-test/lib/helpers.exp @@ -215,7 +215,7 @@ proc unexpire { name fullname } { # While we're at it, make sure they aren't expired. exp_prog "$name: kadmin.local" $kadmin_local "" 0 { "kadmin.local:" { - send "modprinc -expire \"May 6, 1999\" $fullname\n" + send "modprinc -expire \"May 6, 2029\" $fullname\n" } } { -re "Principal .* modified." { send "quit\n" } diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 40d581f31..52f455a3e 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,14 @@ +1999-08-18 Tom Yu + + * kerberos_v4.c (compat_decrypt_key): Align DES3 enctypes with + current names. + (kerb_get_principal): Align DES3 enctypes with current names. + +1999-08-17 Ken Raeburn + + * kdc_util.c (select_session_keytype): If none of the requested + ktypes are NULL or single-DES, force des-cbc-crc. + 1999-06-30 Ken Raeburn * Makefile.in (CFLAGS): Define NOCACHE. diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 51d4d7807..cb18e5028 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1389,15 +1389,39 @@ select_session_keytype(context, server, nktypes, ktype) krb5_enctype *ktype; { int i; + krb5_enctype dfl = 0; for (i = 0; i < nktypes; i++) { if (!valid_enctype(ktype[i])) continue; - if (dbentry_supports_enctype(context, server, ktype[i])) - return (ktype[i]); + if (dbentry_supports_enctype(context, server, ktype[i])) { + switch (ktype[i]) { + case ENCTYPE_NULL: + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD4: + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_DES_CBC_RAW: + case ENCTYPE_DES_HMAC_SHA1: + return ktype[i]; + + default: + /* For now, too much of our code supports only + single-DES. For example, the GSSAPI Kerberos + mechanism needs to be modified. If someone tries + using other key types, force single-DES for the + session key. + + This weird way of setting it here is so that a + requested single-DES enctype listed after DES3 can + be used, and this fallback enctype will be used + only if *no* single-DES enctypes were requested. */ + dfl = ENCTYPE_DES_CBC_CRC; + break; + } + } } - return 0; + return dfl; } /* diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index 4dbd4252c..1ee1ba8a1 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -384,7 +384,7 @@ compat_decrypt_key (in5, out4, out5, issrv) retval = -1; } else { /* KLUDGE! If it's a non-raw des3 key, bash its enctype */ - if (out5->enctype == ENCTYPE_DES3_HMAC_SHA1 || + if (out5->enctype == ENCTYPE_DES3_CBC_SHA1 || out5->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1) out5->enctype = ENCTYPE_DES3_CBC_RAW; } @@ -486,7 +486,7 @@ kerb_get_principal(name, inst, principal, maxn, more, k5key, kvno, issrv) ENCTYPE_LOCAL_DES3_HMAC_SHA1, -1, kvno, &pkey) && krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES3_HMAC_SHA1, + ENCTYPE_DES3_CBC_SHA1, -1, kvno, &pkey) && krb5_dbe_find_enctype(kdc_context, &entries, ENCTYPE_DES_CBC_CRC, diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 878955552..a080b7831 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,11 @@ +1999-08-18 Tom Yu + + * krb524d.c (do_connection): Convert to using new symbol for + DES3. + + * cnv_tkt_skey.c (krb524_convert_tkt_skey): Convert to using new + symbol for DES3. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index 4c51b6777..fc25246cd 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -170,7 +170,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, v4_skey->contents); } else { /* Force enctype to be raw if using DES3. */ - if (v4_skey->enctype == ENCTYPE_DES3_HMAC_SHA1 || + if (v4_skey->enctype == ENCTYPE_DES3_CBC_SHA1 || v4_skey->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1) v4_skey->enctype = ENCTYPE_DES3_CBC_RAW; ret = krb_cr_tkt_krb5(v4tkt, diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 1afeec2dc..cad0e3160 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -307,7 +307,7 @@ krb5_error_code do_connection(s, context) 0, &v4_service_key, &v4kvno)) && (ret = lookup_service_key(context, v5tkt->server, - ENCTYPE_DES3_HMAC_SHA1, + ENCTYPE_DES3_CBC_SHA1, 0, &v4_service_key, &v4kvno)) && (ret = lookup_service_key(context, v5tkt->server, diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index b8498cad6..48c642b38 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,7 @@ +1999-08-26 Danilo Almeida + + * krb5_32.def: Export krb5_kuserok. + 1999-07-22 Jeffrey Altman * krb5_32.def diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 7d4cf47d6..2959956e8 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,18 @@ +1999-08-26 Tom Yu + + * etypes.c: Add aliases "des" for "des-cbc-md5", "des3-hmac-sha1" + and "des3-cbc-sha1-kd" for "des3-cbc-sha1". + + * cksumtypes.c: Add alias "hmac-sha1-des3-kd". + +1999-08-18 Tom Yu + + * etypes.c: Update des3-cbc-sha1 to alignt with new number + assignments. + + * cksumtypes.c: Update hmac-sha1-des3 to align with new number + assignments. + Tue May 18 19:52:56 1999 Danilo Almeida * Makefile.in: Remove - from recursive Win32 make invocation. diff --git a/src/lib/crypto/cksumtypes.c b/src/lib/crypto/cksumtypes.c index 8107d3b8f..8f3d21175 100644 --- a/src/lib/crypto/cksumtypes.c +++ b/src/lib/crypto/cksumtypes.c @@ -63,8 +63,12 @@ struct krb5_cksumtypes krb5_cksumtypes_list[] = { 0, NULL, &krb5_hash_sha1 }, - { CKSUMTYPE_HMAC_SHA1, KRB5_CKSUMFLAG_DERIVE, - "hmac-sha1", "HMAC-SHA1", + { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE, + "hmac-sha1-des3", "HMAC-SHA1 DES3 key", + 0, NULL, + &krb5_hash_sha1 }, + { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE, + "hmac-sha1-des3-kd", "HMAC-SHA1 DES3 key", /* alias */ 0, NULL, &krb5_hash_sha1 }, }; diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c index 4d16aa96a..fe4b71033 100644 --- a/src/lib/crypto/etypes.c +++ b/src/lib/crypto/etypes.c @@ -54,6 +54,11 @@ struct krb5_keytypes krb5_enctypes_list[] = { &krb5_enc_des, &krb5_hash_md5, krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, krb5_des_string_to_key }, + { ENCTYPE_DES_CBC_MD5, + "des", "DES cbc mode with RSA-MD5", /* alias */ + &krb5_enc_des, &krb5_hash_md5, + krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, + krb5_des_string_to_key }, { ENCTYPE_DES_CBC_RAW, "des-cbc-raw", "DES cbc mode raw", @@ -66,17 +71,32 @@ struct krb5_keytypes krb5_enctypes_list[] = { krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, krb5_dk_string_to_key }, - { ENCTYPE_DES3_HMAC_SHA1, - "des3-hmac-sha1", "Triple DES with HMAC/sha1", + { ENCTYPE_DES3_CBC_SHA1, + "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1", &krb5_enc_des3, &krb5_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5_dk_string_to_key }, + { ENCTYPE_DES3_CBC_SHA1, /* alias */ + "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1", + &krb5_enc_des3, &krb5_hash_sha1, + krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, + krb5_dk_string_to_key }, + { ENCTYPE_DES3_CBC_SHA1, /* alias */ + "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1", + &krb5_enc_des3, &krb5_hash_sha1, + krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, + krb5_dk_string_to_key }, + { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1", "DES with HMAC/sha1", &krb5_enc_des, &krb5_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5_dk_string_to_key }, #ifdef ATHENA_DES3_KLUDGE + /* + * If you are using this, you're almost certainly doing the + * Wrong Thing. + */ { ENCTYPE_LOCAL_DES3_HMAC_SHA1, "des3-marc-hmac-sha1", "Triple DES with HMAC/sha1 and 32-bit length code", diff --git a/src/lib/crypto/old/ChangeLog b/src/lib/crypto/old/ChangeLog index c3368c68d..440f77ce2 100644 --- a/src/lib/crypto/old/ChangeLog +++ b/src/lib/crypto/old/ChangeLog @@ -1,3 +1,9 @@ +1999-08-25 Ken Raeburn + + * old_decrypt.c (memmove) [HAVE_BCOPY && !HAVE_MEMMOVE]: Define to + use bcopy. Should work unless any system has no memmove *and* + bcopy isn't safe with overlaps. + Mon May 10 15:20:32 1999 Danilo Almeida * Makefile.in: Do win32 build in subdir. diff --git a/src/lib/crypto/old/old_decrypt.c b/src/lib/crypto/old/old_decrypt.c index 26019e164..2d22648e2 100644 --- a/src/lib/crypto/old/old_decrypt.c +++ b/src/lib/crypto/old/old_decrypt.c @@ -27,6 +27,12 @@ #include "k5-int.h" #include "old.h" +#ifndef HAVE_MEMMOVE +#ifdef HAVE_BCOPY +#define memmove(dst,src,size) bcopy(src,dst,size) +#endif +#endif + krb5_error_code krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output) krb5_const struct krb5_enc_provider *enc; diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index a6b5a11f1..23730e8c7 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,11 @@ +1999-08-27 Tom Yu + + * accept_sec_context.c (krb5_gss_accept_sec_context): Disable + krb5-mech2 stuff for now. + + * init_sec_context.c (make_ap_req_v2): Disable krb5-mech2 stuff + for now. + Wed May 19 13:21:55 1999 Danilo Almeida * Makefile.in: Improve rule to create gssapi include dir under diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 0ac945c45..4c037e490 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -49,6 +49,7 @@ #include "k5-int.h" #include "gssapiP_krb5.h" #include +#include /* * $Id$ @@ -769,101 +770,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle, ctx->established = 1; if (ctx->gsskrb5_version == 2000) { - krb5_ui_4 tok_flags; - - tok_flags = - (ctx->gss_flags & GSS_C_DELEG_FLAG)?KG2_RESP_FLAG_DELEG_OK:0; - - cksumdata.length = 8 + 4*ctx->nctypes + 4; - - if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL) { - code = ENOMEM; - major_status = GSS_S_FAILURE; - goto fail; - } - - /* construct the token fields */ - - ptr = cksumdata.data; - - ptr[0] = (KG2_TOK_RESPONSE >> 8) & 0xff; - ptr[1] = KG2_TOK_RESPONSE & 0xff; - - ptr[2] = (tok_flags >> 24) & 0xff; - ptr[3] = (tok_flags >> 16) & 0xff; - ptr[4] = (tok_flags >> 8) & 0xff; - ptr[5] = tok_flags & 0xff; - - ptr[6] = (ctx->nctypes >> 8) & 0xff; - ptr[7] = ctx->nctypes & 0xff; - - ptr += 8; - - for (i=0; inctypes; i++) { - ptr[i] = (ctx->ctypes[i] >> 24) & 0xff; - ptr[i+1] = (ctx->ctypes[i] >> 16) & 0xff; - ptr[i+2] = (ctx->ctypes[i] >> 8) & 0xff; - ptr[i+3] = ctx->ctypes[i] & 0xff; - - ptr += 4; - } - - memset(ptr, 0, 4); - - /* make the MIC token */ - - { - gss_buffer_desc text, token; - - text.length = cksumdata.length; - text.value = cksumdata.data; - - /* ctx->seq_send must be set before this call */ - - if (GSS_ERROR(major_status = - krb5_gss_get_mic(&code, ctx, - GSS_C_QOP_DEFAULT, - &text, &token))) - goto fail; - - mic.length = token.length; - mic.data = token.value; - } - - token.length = g_token_size((gss_OID) mech_used, - (cksumdata.length-2)+4+ap_rep.length+ - mic.length); - - if ((token.value = (unsigned char *) xmalloc(token.length)) - == NULL) { - code = ENOMEM; - major_status = GSS_S_FAILURE; - goto fail; - } - ptr = token.value; - g_make_token_header((gss_OID) mech_used, - (cksumdata.length-2)+4+ap_rep.length+mic.length, - &ptr, KG2_TOK_RESPONSE); - - memcpy(ptr, cksumdata.data+2, cksumdata.length-2); - ptr += cksumdata.length-2; - - ptr[0] = (ap_rep.length >> 8) & 0xff; - ptr[1] = ap_rep.length & 0xff; - memcpy(ptr+2, ap_rep.data, ap_rep.length); - - ptr += (2+ap_rep.length); - - ptr[0] = (mic.length >> 8) & 0xff; - ptr[1] = mic.length & 0xff; - memcpy(ptr+2, mic.data, mic.length); - - ptr += (2+mic.length); - - free(cksumdata.data); - cksumdata.data = 0; - - /* gss krb5 v2 */ + int krb5_mech2_supported = 0; + assert(krb5_mech2_supported); } else { /* gss krb5 v1 */ diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index fb11cf5a2..878c8abd7 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -49,6 +49,7 @@ #include "gssapiP_krb5.h" #include #include +#include /* * $Id$ @@ -117,196 +118,8 @@ make_ap_req_v2(context, ctx, cred, k_cred, chan_bindings, mech_type, token) gss_OID mech_type; gss_buffer_t token; { - krb5_flags mk_req_flags = 0; - krb5_int32 con_flags; - krb5_error_code code; - krb5_data credmsg, cksumdata, ap_req; - int i, tlen, cblen, nctypes; - krb5_cksumtype *ctypes; - unsigned char *t, *ptr; - - credmsg.data = 0; - cksumdata.data = 0; - ap_req.data = 0; - ctypes = 0; - - /* create the option data if necessary */ - if (ctx->gss_flags & GSS_C_DELEG_FLAG) { - /* first get KRB_CRED message, so we know its length */ - - /* clear the time check flag that was set in krb5_auth_con_init() */ - krb5_auth_con_getflags(context, ctx->auth_context, &con_flags); - krb5_auth_con_setflags(context, ctx->auth_context, - con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); - - code = krb5_fwd_tgt_creds(context, ctx->auth_context, 0, - cred->princ, ctx->there, cred->ccache, 1, - &credmsg); - - /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */ - krb5_auth_con_setflags(context, ctx->auth_context, con_flags); - - if (code) { - /* don't fail here; just don't accept/do the delegation - request */ - ctx->gss_flags &= ~GSS_C_DELEG_FLAG; - } else { - if (credmsg.length > KRB5_INT16_MAX) { - krb5_free_data_contents(context, &credmsg); - return(KRB5KRB_ERR_FIELD_TOOLONG); - } - } - } else { - credmsg.length = 0; - } - - /* construct the list of compatible cksum types */ - - if ((code = krb5_c_keyed_checksum_types(context, - k_cred->keyblock.enctype, - &nctypes, &ctypes))) - goto cleanup; - - if (nctypes == 0) { - code = KRB5_CRYPTO_INTERNAL; - goto cleanup; - } - - /* construct the checksum fields */ - - cblen = 4*5; - if (chan_bindings) - cblen += (chan_bindings->initiator_address.length+ - chan_bindings->acceptor_address.length+ - chan_bindings->application_data.length); - - cksumdata.length = cblen + 8 + 4*nctypes + 4; - if (credmsg.length) - cksumdata.length += 4 + credmsg.length; - - if ((cksumdata.data = (char *) malloc(cksumdata.length)) == NULL) - goto cleanup; - - /* helper macros. This code currently depends on a long being 32 - bits, and htonl dtrt. */ - - ptr = cksumdata.data; - - if (chan_bindings) { - TWRITE_INT(ptr, chan_bindings->initiator_addrtype, 1); - TWRITE_BUF(ptr, chan_bindings->initiator_address, 1); - TWRITE_INT(ptr, chan_bindings->acceptor_addrtype, 1); - TWRITE_BUF(ptr, chan_bindings->acceptor_address, 1); - TWRITE_BUF(ptr, chan_bindings->application_data, 1); - } else { - memset(ptr, 0, cblen); - ptr += cblen; - } - - /* construct the token fields */ - - ptr[0] = (KG2_TOK_INITIAL >> 8) & 0xff; - ptr[1] = KG2_TOK_INITIAL & 0xff; - - ptr[2] = (ctx->gss_flags >> 24) & 0xff; - ptr[3] = (ctx->gss_flags >> 16) & 0xff; - ptr[4] = (ctx->gss_flags >> 8) & 0xff; - ptr[5] = ctx->gss_flags & 0xff; - - ptr[6] = (nctypes >> 8) & 0xff; - ptr[7] = nctypes & 0xff; - - ptr += 8; - - for (i=0; i> 24) & 0xff; - ptr[1] = (ctypes[i] >> 16) & 0xff; - ptr[2] = (ctypes[i] >> 8) & 0xff; - ptr[3] = ctypes[i] & 0xff; - - ptr += 4; - } - - if (credmsg.length) { - ptr[0] = (KRB5_GSS_FOR_CREDS_OPTION >> 8) & 0xff; - ptr[1] = KRB5_GSS_FOR_CREDS_OPTION & 0xff; - - ptr[2] = (credmsg.length >> 8) & 0xff; - ptr[3] = credmsg.length & 0xff; - - ptr += 4; - - memcpy(ptr, credmsg.data, credmsg.length); - - ptr += credmsg.length; - } - - memset(ptr, 0, 4); - - /* call mk_req. subkey and ap_req need to be used or destroyed */ - - mk_req_flags = AP_OPTS_USE_SUBKEY; - - if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) - mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED; - - if ((code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags, - &cksumdata, k_cred, &ap_req))) - goto cleanup; - - /* store the interesting stuff from creds and authent */ - ctx->endtime = k_cred->times.endtime; - ctx->krb_flags = k_cred->ticket_flags; - - /* build up the token */ - - /* allocate space for the token */ - tlen = g_token_size((gss_OID) mech_type, - (cksumdata.length-(2+cblen))+2+ap_req.length); - - if ((t = (unsigned char *) xmalloc(tlen)) == NULL) { - code = ENOMEM; - goto cleanup; - } - - ptr = t; - - g_make_token_header((gss_OID) mech_type, - (cksumdata.length-(2+cblen))+2+ap_req.length, - &ptr, KG2_TOK_INITIAL); - - /* skip over the channel bindings and the token id */ - memcpy(ptr, cksumdata.data+cblen+2, cksumdata.length-(cblen+2)); - ptr += cksumdata.length-(cblen+2); - ptr[0] = (ap_req.length >> 8) & 0xff; - ptr[1] = ap_req.length & 0xff; - ptr += 2; - memcpy(ptr, ap_req.data, ap_req.length); - - /* pass allocated data back */ - - ctx->nctypes = nctypes; - ctx->ctypes = ctypes; - - token->length = tlen; - token->value = (void *) t; - - code = 0; - -cleanup: - if (code) { - if (ctypes) - krb5_free_cksumtypes(context, ctypes); - } - - if (credmsg.data) - free(credmsg.data); - if (ap_req.data) - free(ap_req.data); - if (cksumdata.data) - free(cksumdata.data); - - return(code); + int krb5_mech2_supported = 0; + assert(krb5_mech2_supported); } static krb5_error_code diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog index 9bb42cb26..e05cb51fd 100644 --- a/src/lib/kadm5/clnt/ChangeLog +++ b/src/lib/kadm5/clnt/ChangeLog @@ -1,3 +1,8 @@ +1999-08-27 Tom Yu + + * client_init.c (_kadm5_init_any): Remove support for krb5-mech2 + for now. + Thu May 13 17:24:44 1999 Tom Yu * client_init.c (_kadm5_init_any): Use gss_krb5_ccache_name() to diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index e86fbe877..65a313d8d 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -469,29 +469,17 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, #ifndef INIT_TEST handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, - &gssstat, - &minor_stat, - gss_client_creds, - gss_target, - gss_mech_krb5_v2, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, - 0, - NULL, - NULL, - NULL); - - if (!handle->clnt->cl_auth) - handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, - &gssstat, - &minor_stat, - gss_client_creds, - gss_target, - gss_mech_krb5, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, - 0, - NULL, - NULL, - NULL); + &gssstat, + &minor_stat, + gss_client_creds, + gss_target, + gss_mech_krb5, + GSS_C_MUTUAL_FLAG + | GSS_C_REPLAY_FLAG, + 0, + NULL, + NULL, + NULL); (void) gss_release_name(&minor_stat, &gss_target); #endif /* ! INIT_TEST */ diff --git a/src/lib/kadm5/unit-test/ChangeLog b/src/lib/kadm5/unit-test/ChangeLog index e4c000102..e044836fa 100644 --- a/src/lib/kadm5/unit-test/ChangeLog +++ b/src/lib/kadm5/unit-test/ChangeLog @@ -1,3 +1,21 @@ +1999-08-30 Ken Raeburn + + * api.2/init-v2.exp (RESOLVE): New variable. + (get_hostname): New proc, taken from tests/dejagnu. + (test101): Use get_hostname, set a variable in the target process + to hold the result, and use that variable in the other commands + passed. + + * Makefile.in (unit-test-client-body): Pass $(RUNTESTFLAGS) to + runtest, so the user can run subsets of the test suite. + (unit-test-server-body): Likewise. + +1999-08-26 Ken Raeburn + + * api.2/init-v2.exp (test101): Use local host name instead of + "localhost", since address 127.0.0.1 probably won't be listed in + credentials. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 89ba1efd0..048173d02 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -115,14 +115,14 @@ unit-test-client-body: site.exp test-noauth test-destroy test-handle-client $(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \ KINIT=$(BUILDTOP)/clients/kinit/kinit \ KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \ - KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local + KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local $(RUNTESTFLAGS) -mv api.log capi.log -mv api.sum capi.sum unit-test-server-body: site.exp test-handle-server lock-test $(ENV_SETUP) $(RUNTEST) --tool api RPC=0 API=$(SRVTCL) \ LOCKTEST=./lock-test \ - KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local + KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local $(RUNTESTFLAGS) -mv api.log sapi.log -mv api.sum sapi.sum diff --git a/src/lib/kadm5/unit-test/api.2/init-v2.exp b/src/lib/kadm5/unit-test/api.2/init-v2.exp index bf1a7df49..fe0721494 100644 --- a/src/lib/kadm5/unit-test/api.2/init-v2.exp +++ b/src/lib/kadm5/unit-test/api.2/init-v2.exp @@ -19,21 +19,63 @@ proc test100 {} { } if {$RPC} test100 +if ![info exists RESOLVE] { + set RESOLVE [findfile $objdir/../../../tests/resolve/resolve] +} +proc get_hostname { } { + global RESOLVE + global hostname + global localhostname + global domain + + if {[info exists hostname] && [info exists localhostname]} { + return 1 + } + + catch "exec $RESOLVE -q >myname" exec_output + if ![string match "" $exec_output] { + send_log "$exec_output\n" + verbose $exec_output + send_error "ERROR: can't get hostname\n" + return 0 + } + set file [open myname r] + if { [ gets $file hostname ] == -1 } { + send_error "ERROR: no output from hostname\n" + return 0 + } + close $file + catch "exec rm -f myname" exec_output + regexp "^(\[^.\]*)\.(.*)$" $hostname foo localhostname domain + + set hostname [string tolower $hostname] + set localhostname [string tolower $localhostname] + set domain [string tolower $domain] + verbose "hostname: $hostname; localhostname: $localhostname; domain $domain" + + return 1 +} + + test "init 101" proc test101 {} { global test + global hostname + + get_hostname + tcl_cmd "set hostname $hostname" # XXX Fix to work with a remote TEST_SERVER. For now, make sure # it fails in that case. one_line_succeed_test { kadm5_init admin admin $KADM5_ADMIN_SERVICE \ - [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} {localhost 1751}] \ + [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ server_handle } one_line_fail_test { kadm5_init admin admin $KADM5_ADMIN_SERVICE \ - [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} {localhost 1}] \ + [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1]] \ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ server_handle } "RPC_ERROR" diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index c655c178f..42d640c11 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,14 @@ +1999-08-30 Ken Raeburn + + * t_kdb.c (add_principal): Free only contents of a generated key, + since the keyblock structure itself is on the stack. + +1999-08-17 Ken Raeburn + + * t_kdb.c (add_principal): Update for new calling sequence to + krb5_dbekd_encrypt_key_data. + (do_testing): Update calls. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/lib/kdb/t_kdb.c b/src/lib/kdb/t_kdb.c index b14152602..aef50ee1c 100644 --- a/src/lib/kdb/t_kdb.c +++ b/src/lib/kdb/t_kdb.c @@ -273,16 +273,16 @@ principal_found(nvalid, pname) * Add a principal to the database. */ static krb5_error_code -add_principal(kcontext, principal, eblock, key, rseed) +add_principal(kcontext, principal, mkey, key, rseed) krb5_context kcontext; krb5_principal principal; - krb5_encrypt_block * eblock; + krb5_keyblock * mkey; krb5_keyblock * key; krb5_pointer rseed; { krb5_error_code kret; krb5_db_entry dbent; - krb5_keyblock * rkey = NULL; + krb5_keyblock * rkey = NULL, lkey; krb5_timestamp timenow; int nentries = 1; @@ -304,19 +304,21 @@ add_principal(kcontext, principal, eblock, key, rseed) goto out; if (!key) { - if ((kret = krb5_random_key(kcontext, eblock, rseed, &rkey))) + kret = krb5_c_make_random_key (kcontext, mkey->enctype, &lkey); + if (kret) goto out; + rkey = &lkey; } else rkey = key; if ((kret = krb5_dbe_create_key_data(kcontext, &dbent))) goto out; - if ((kret = krb5_dbekd_encrypt_key_data(kcontext, eblock, rkey, NULL, 1, + if ((kret = krb5_dbekd_encrypt_key_data(kcontext, mkey, rkey, NULL, 1, &dbent.key_data[0]))) goto out; if (!key) - krb5_free_keyblock(kcontext, rkey); + krb5_free_keyblock_contents(kcontext, rkey); kret = krb5_db_put_principal(kcontext, &dbent, &nentries); if ((!kret) && (nentries != 1)) @@ -564,7 +566,7 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean, op = "adding master principal"; if ((kret = add_principal(kcontext, master_princ, - &master_encblock, + &master_keyblock, &master_keyblock, rseed))) goto goodbye; @@ -628,7 +630,7 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean, swatch_on(); } if ((kret = add_principal(kcontext, playback_principal(passno), - &master_encblock, kbp, rseed))) { + &master_keyblock, kbp, rseed))) { linkage = "initially "; oparg = playback_name(passno); goto cya; @@ -659,7 +661,7 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean, } if ((kret = add_principal(kcontext, playback_principal(nvalid), - &master_encblock, + &master_keyblock, kbp, rseed))) { oparg = playback_name(nvalid); goto cya; @@ -789,7 +791,7 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean, for (passno=0; passno 4) fprintf(stderr, "*A(%s)\n", playback_name(passno)); @@ -885,7 +887,7 @@ do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean, for (j=0; j + + * memcache.c (change_cache): Use PostMessage instead of SendMessage + so we do not block. + +Fri Aug 13 23:23:00 1999 Brad Thompson + + * sendauth.c: Initialize __krb_sendauth_hidden_tkt_len so + it doesn't end up in the common block. + + * pkt_clen.c: Initialize swap_bytes so that it doesn't end + up in the common block. + Mon May 10 15:23:15 1999 Danilo Almeida * Makefile.in: Do win32 build in subdir. diff --git a/src/lib/krb4/memcache.c b/src/lib/krb4/memcache.c index d2669df9b..a7eccc809 100644 --- a/src/lib/krb4/memcache.c +++ b/src/lib/krb4/memcache.c @@ -194,7 +194,7 @@ change_cache() locked = FALSE; } - SendMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0); + PostMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0); } diff --git a/src/lib/krb4/pkt_clen.c b/src/lib/krb4/pkt_clen.c index 352c91d4e..14e6962ab 100644 --- a/src/lib/krb4/pkt_clen.c +++ b/src/lib/krb4/pkt_clen.c @@ -14,7 +14,7 @@ #include "prot.h" extern int krb_debug; -int swap_bytes; +int swap_bytes=0; /* * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of diff --git a/src/lib/krb4/sendauth.c b/src/lib/krb4/sendauth.c index d11076fc3..9b8fb3904 100644 --- a/src/lib/krb4/sendauth.c +++ b/src/lib/krb4/sendauth.c @@ -107,7 +107,7 @@ * * See FIXME KLUDGE code in appl/bsd/kcmd.c. */ -KRB4_32 __krb_sendauth_hidden_tkt_len; +KRB4_32 __krb_sendauth_hidden_tkt_len=0; #define raw_tkt_len __krb_sendauth_hidden_tkt_len diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 508078644..3ec681fd9 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,15 @@ +1999-08-23 Ken Raeburn + + * cc_retr.c: New file. + (krb5_cc_retrieve_cred_seq): New function, derived from + fcc_retrieve but takes an optional list of enctypes to look for in + priority order. + (krb5_cc_retrieve_cred_default): New function. Same signature as + original fcc_retrieve but if new flag KRB5_TC_SUPPORTED_KTYPES is + set, calls krb5_get_tgs_ktypes to get a list of enctypes to look + for. + * Makefile.in (STLIBOBJS, OBJS, SRCS): Add it. + Tue May 18 19:52:56 1999 Danilo Almeida * Makefile.in: Remove - from recursive Win32 make invocation. diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in index eafa55773..a9d426595 100644 --- a/src/lib/krb5/ccache/Makefile.in +++ b/src/lib/krb5/ccache/Makefile.in @@ -21,18 +21,21 @@ STLIBOBJS= \ cccopy.o \ ccdefault.o \ ccdefops.o \ + cc_retr.o \ ser_cc.o OBJS= $(OUTPRE)ccbase.$(OBJEXT) \ $(OUTPRE)cccopy.$(OBJEXT) \ $(OUTPRE)ccdefault.$(OBJEXT) \ $(OUTPRE)ccdefops.$(OBJEXT) \ + $(OUTPRE)cc_retr.$(OBJEXT) \ $(OUTPRE)ser_cc.$(OBJEXT) SRCS= $(srcdir)/ccbase.c \ $(srcdir)/cccopy.c \ $(srcdir)/ccdefault.c \ $(srcdir)/ccdefops.c \ + $(srcdir)/cc_retr.c \ $(srcdir)/ser_cc.c all-unix:: all-libobjs diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c new file mode 100644 index 000000000..e786335d0 --- /dev/null +++ b/src/lib/krb5/ccache/cc_retr.c @@ -0,0 +1,283 @@ +/* + * lib/krb5/ccache/cc_retr.c + * + * Copyright 1990,1991,1999 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + */ + +#include "k5-int.h" + +#define KRB5_OK 0 + +#define set(bits) (whichfields & bits) +#define flags_match(a,b) (((a) & (b)) == (a)) +#define times_match_exact(t1,t2) (memcmp((char *)(t1), (char *)(t2), sizeof(*(t1))) == 0) + +static krb5_boolean +times_match(t1, t2) + const krb5_ticket_times *t1; + const krb5_ticket_times *t2; +{ + if (t1->renew_till) { + if (t1->renew_till > t2->renew_till) + return FALSE; /* this one expires too late */ + } + if (t1->endtime) { + if (t1->endtime > t2->endtime) + return FALSE; /* this one expires too late */ + } + /* only care about expiration on a times_match */ + return TRUE; +} + +static krb5_boolean +standard_fields_match(context, mcreds, creds) +krb5_context context; +const krb5_creds *mcreds; +const krb5_creds *creds; +{ + return (krb5_principal_compare(context, mcreds->client,creds->client) + && krb5_principal_compare(context, mcreds->server,creds->server)); +} + +/* only match the server name portion, not the server realm portion */ + +static krb5_boolean +srvname_match(context, mcreds, creds) + krb5_context context; + const krb5_creds *mcreds, *creds; +{ + krb5_boolean retval; + krb5_principal_data p1, p2; + + retval = krb5_principal_compare(context, mcreds->client,creds->client); + if (retval != TRUE) + return retval; + /* + * Hack to ignore the server realm for the purposes of the compare. + */ + p1 = *mcreds->server; + p2 = *creds->server; + p1.realm = p2.realm; + return krb5_principal_compare(context, &p1, &p2); +} + +static krb5_boolean +authdata_match(mdata, data) + krb5_authdata * const *mdata, * const *data; +{ + const krb5_authdata *mdatap, *datap; + + if (mdata == data) + return TRUE; + + if (mdata == NULL) + return *data == NULL; + + if (data == NULL) + return *mdata == NULL; + + while ((mdatap = *mdata) && (datap = *data)) { + if ((mdatap->ad_type != datap->ad_type) || + (mdatap->length != datap->length) || + (memcmp ((char *)mdatap->contents, + (char *)datap->contents, mdatap->length) != 0)) + return FALSE; + mdata++; + data++; + } + return (*mdata == NULL) && (*data == NULL); +} + +static krb5_boolean +data_match(data1, data2) + const krb5_data *data1, *data2; +{ + if (!data1) { + if (!data2) + return TRUE; + else + return FALSE; + } + if (!data2) return FALSE; + + if (data1->length != data2->length) + return FALSE; + else + return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE; +} + +static int +pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes) +{ + int i; + for (i = 0; i < nktypes; i++) + if (my_ktype == ktypes[i]) + return i; + return -1; +} + +/* + * Effects: + * Searches the credentials cache for a credential matching mcreds, + * with the fields specified by whichfields. If one if found, it is + * returned in creds, which should be freed by the caller with + * krb5_free_credentials(). + * + * The fields are interpreted in the following way (all constants are + * preceded by KRB5_TC_). MATCH_IS_SKEY requires the is_skey field to + * match exactly. MATCH_TIMES requires the requested lifetime to be + * at least as great as that specified; MATCH_TIMES_EXACT requires the + * requested lifetime to be exactly that specified. MATCH_FLAGS + * requires only the set bits in mcreds be set in creds; + * MATCH_FLAGS_EXACT requires all bits to match. + * + * Flag SUPPORTED_KTYPES means check all matching entries that have + * any supported enctype (according to tgs_enctypes) and return the one + * with the enctype listed earliest. Return CC_NOT_KTYPE if a match + * is found *except* for having a supported enctype. + * + * Errors: + * system errors + * permission errors + * KRB5_CC_NOMEM + * KRB5_CC_NOT_KTYPE + */ + +static krb5_error_code +krb5_cc_retrieve_cred_seq (context, id, whichfields, + mcreds, creds, nktypes, ktypes) + krb5_context context; + krb5_ccache id; + krb5_flags whichfields; + krb5_creds *mcreds; + krb5_creds *creds; + int nktypes; + krb5_enctype *ktypes; +{ + /* This function could be considerably faster if it kept indexing */ + /* information.. sounds like a "next version" idea to me. :-) */ + + krb5_cc_cursor cursor; + krb5_error_code kret; + krb5_error_code nomatch_err = KRB5_CC_NOTFOUND; + struct { + krb5_creds creds; + int pref; + } fetched, best; + int have_creds = 0; +#define fetchcreds (fetched.creds) + + kret = krb5_cc_start_seq_get(context, id, &cursor); + if (kret != KRB5_OK) + return kret; + + while ((kret = krb5_cc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) { + if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) && + srvname_match(context, mcreds, &fetchcreds)) || + standard_fields_match(context, mcreds, &fetchcreds)) + && + (! set(KRB5_TC_MATCH_IS_SKEY) || + mcreds->is_skey == fetchcreds.is_skey) + && + (! set(KRB5_TC_MATCH_FLAGS_EXACT) || + mcreds->ticket_flags == fetchcreds.ticket_flags) + && + (! set(KRB5_TC_MATCH_FLAGS) || + flags_match(mcreds->ticket_flags, fetchcreds.ticket_flags)) + && + (! set(KRB5_TC_MATCH_TIMES_EXACT) || + times_match_exact(&mcreds->times, &fetchcreds.times)) + && + (! set(KRB5_TC_MATCH_TIMES) || + times_match(&mcreds->times, &fetchcreds.times)) + && + ( ! set(KRB5_TC_MATCH_AUTHDATA) || + authdata_match(mcreds->authdata, fetchcreds.authdata)) + && + (! set(KRB5_TC_MATCH_2ND_TKT) || + data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) + && + ((! set(KRB5_TC_MATCH_KTYPE))|| + (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype))) + { + if (ktypes) { + fetched.pref = pref (fetchcreds.keyblock.enctype, + nktypes, ktypes); + if (fetched.pref < 0) + nomatch_err = KRB5_CC_NOT_KTYPE; + else if (!have_creds || fetched.pref < best.pref) { + if (have_creds) + krb5_free_cred_contents (context, &best.creds); + else + have_creds = 1; + best = fetched; + continue; + } + } else { + krb5_cc_end_seq_get(context, id, &cursor); + *creds = fetchcreds; + return KRB5_OK; + } + } + + /* This one doesn't match */ + krb5_free_cred_contents(context, &fetchcreds); + } + + /* If we get here, a match wasn't found */ + krb5_cc_end_seq_get(context, id, &cursor); + if (have_creds) { + *creds = best.creds; + return KRB5_OK; + } else + return nomatch_err; +} + +krb5_error_code KRB5_CALLCONV +krb5_cc_retrieve_cred_default (context, id, flags, mcreds, creds) + krb5_context context; + krb5_ccache id; + krb5_flags flags; + krb5_creds *mcreds; + krb5_creds *creds; +{ + krb5_enctype *ktypes; + int nktypes; + krb5_error_code ret; + + if (flags & KRB5_TC_SUPPORTED_KTYPES) { + ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes); + if (ret) + return ret; + nktypes = 0; + while (ktypes[nktypes]) + nktypes++; + + ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds, + nktypes, ktypes); + free (ktypes); + return ret; + } else { + return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds, + 0, 0); + } +} diff --git a/src/lib/krb5/ccache/ccapi/ChangeLog b/src/lib/krb5/ccache/ccapi/ChangeLog index dfe92f16f..c6ca9f7ea 100644 --- a/src/lib/krb5/ccache/ccapi/ChangeLog +++ b/src/lib/krb5/ccache/ccapi/ChangeLog @@ -1,3 +1,8 @@ +1999-08-23 Ken Raeburn + + * stdcc.c (krb5_stdcc_retrieve): Replace with a version that calls + krb5_cc_retrieve_cred_default. + 1999-08-05 Alexandra Ellwood * stdcc_util.c (deep_free_cc_v5_creds): diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c index db93102ca..18cc870b4 100644 --- a/src/lib/krb5/ccache/ccapi/stdcc.c +++ b/src/lib/krb5/ccache/ccapi/stdcc.c @@ -478,6 +478,7 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred * * - try to find a matching credential in the cache */ +#if 0 krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve (krb5_context context, krb5_ccache id, @@ -523,6 +524,22 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve return KRB5_CC_NOTFOUND; } +#else +#include "k5-int.h" + +krb5_error_code KRB5_CALLCONV +krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds) + krb5_context context; + krb5_ccache id; + krb5_flags whichfields; + krb5_creds *mcreds; + krb5_creds *creds; +{ + return krb5_cc_retrieve_cred_default (context, id, whichfields, + mcreds, creds); +} + +#endif /* * end seq diff --git a/src/lib/krb5/ccache/file/ChangeLog b/src/lib/krb5/ccache/file/ChangeLog index f99e78246..0da5c9701 100644 --- a/src/lib/krb5/ccache/file/ChangeLog +++ b/src/lib/krb5/ccache/file/ChangeLog @@ -1,3 +1,8 @@ +1999-08-23 Ken Raeburn + + * fcc_retrv.c (krb5_fcc_retrieve): Replace with a version that + calls krb5_cc_retrieve_cred_default. + 1999-06-10 Danilo Almeida * fcc_ops.c (krb5_cache_change): Use PostMessage instead of diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c index 5f4e71d7c..c3d1f48cb 100644 --- a/src/lib/krb5/ccache/file/fcc_retrv.c +++ b/src/lib/krb5/ccache/file/fcc_retrv.c @@ -24,6 +24,8 @@ * This file contains the source code for krb5_fcc_retrieve. */ +#if 0 + #include "fcc.h" #ifdef macintosh @@ -230,3 +232,21 @@ authdata_match(mdata, data) } return (*mdata == NULL) && (*data == NULL); } + +#else + +#include "k5-int.h" + +krb5_error_code KRB5_CALLCONV +krb5_fcc_retrieve(context, id, whichfields, mcreds, creds) + krb5_context context; + krb5_ccache id; + krb5_flags whichfields; + krb5_creds *mcreds; + krb5_creds *creds; +{ + return krb5_cc_retrieve_cred_default (context, id, whichfields, + mcreds, creds); +} + +#endif diff --git a/src/lib/krb5/ccache/memory/ChangeLog b/src/lib/krb5/ccache/memory/ChangeLog index 4ff0ffafd..9a68c4118 100644 --- a/src/lib/krb5/ccache/memory/ChangeLog +++ b/src/lib/krb5/ccache/memory/ChangeLog @@ -1,3 +1,8 @@ +1999-08-23 Ken Raeburn + + * mcc_retrv.c (krb5_mcc_retrieve): Replace with a version that + calls krb5_cc_retrieve_cred_default. + Mon May 10 15:25:06 1999 Danilo Almeida * Makefile.in: Do win32 build in subdir. diff --git a/src/lib/krb5/ccache/memory/mcc_retrv.c b/src/lib/krb5/ccache/memory/mcc_retrv.c index ae3510129..6ae6d290d 100644 --- a/src/lib/krb5/ccache/memory/mcc_retrv.c +++ b/src/lib/krb5/ccache/memory/mcc_retrv.c @@ -24,6 +24,8 @@ * This file contains the source code for krb5_mcc_retrieve. */ +#if 0 + #include "mcc.h" #define set(bits) (whichfields & bits) @@ -223,3 +225,21 @@ authdata_match(mdata, data) } return (*mdata == NULL) && (*data == NULL); } + +#else + +#include "k5-int.h" + +krb5_error_code KRB5_CALLCONV +krb5_mcc_retrieve(context, id, whichfields, mcreds, creds) + krb5_context context; + krb5_ccache id; + krb5_flags whichfields; + krb5_creds *mcreds; + krb5_creds *creds; +{ + return krb5_cc_retrieve_cred_default (context, id, whichfields, + mcreds, creds); +} + +#endif diff --git a/src/lib/krb5/ccache/stdio/ChangeLog b/src/lib/krb5/ccache/stdio/ChangeLog index 5b7e7ea1a..9a402a46c 100644 --- a/src/lib/krb5/ccache/stdio/ChangeLog +++ b/src/lib/krb5/ccache/stdio/ChangeLog @@ -1,3 +1,8 @@ +1999-08-23 Ken Raeburn + + * scc_retrv.c (krb5_scc_retrieve): Replace with a version that + calls krb5_cc_retrieve_cred_default. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c index 7498d906e..00a780097 100644 --- a/src/lib/krb5/ccache/stdio/scc_retrv.c +++ b/src/lib/krb5/ccache/stdio/scc_retrv.c @@ -24,6 +24,8 @@ * This file contains the source code for krb5_scc_retrieve. */ +#if 0 + #include "scc.h" #define set(bits) (whichfields & bits) @@ -217,3 +219,21 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds) krb5_scc_end_seq_get(context, id, &cursor); return KRB5_CC_NOTFOUND; } + +#else + +#include "k5-int.h" + +krb5_error_code KRB5_CALLCONV +krb5_scc_retrieve(context, id, whichfields, mcreds, creds) + krb5_context context; + krb5_ccache id; + krb5_flags whichfields; + krb5_creds *mcreds; + krb5_creds *creds; +{ + return krb5_cc_retrieve_cred_default (context, id, whichfields, + mcreds, creds); +} + +#endif diff --git a/src/lib/krb5/error_tables/ChangeLog b/src/lib/krb5/error_tables/ChangeLog index 4986a4ce8..9e2d01a5d 100644 --- a/src/lib/krb5/error_tables/ChangeLog +++ b/src/lib/krb5/error_tables/ChangeLog @@ -1,3 +1,7 @@ +1999-08-23 Ken Raeburn + + * krb5_err.et (KRB5_CC_NOT_KTYPE): New error code. + 1999-07-29 Ken Raeburn * Makefile.in: Delete dependency info for isode error table that diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index b483116e1..5d47c0c2f 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -262,6 +262,7 @@ error_code KRB5_FCC_INTERNAL, "Internal file credentials cache error" error_code KRB5_CC_WRITE, "Error writing to credentials cache file" error_code KRB5_CC_NOMEM, "No more memory to allocate (in credentials cache code)" error_code KRB5_CC_FORMAT, "Bad format in credentials cache" +error_code KRB5_CC_NOT_KTYPE, "No credentials found with supported encryption types" # errors for dual tgt library calls error_code KRB5_INVALID_FLAGS, "Invalid KDC option combination (library internal error)" diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 3377f5fe2..470174a04 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,37 @@ +1999-08-26 Ken Raeburn + + * init_ctx.c (get_profile_etype_list): Update name of the des3 + entry in the default etype list. + +1999-08-23 Ken Raeburn + + * init_ctx.c (get_profile_etype_list): New argument DESONLY; if + set, ignore any ktype values other than NULL, DES_CBC_CRC, and + DES_CBC_MD5. + (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it. + (krb5_get_permitted_enctypes): Don't set it. + + * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES + when calling krb5_cc_retrieve_cred. + * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto. + * get_creds.c (krb5_get_credentials_core): Set that flag. + (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return. + +1999-08-17 Ken Raeburn + + * t_ser.c (main): Disable eblock serialization test, since the + code it tests was disabled nearly a year ago. + + * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra + argument to sprintf. + +1999-08-10 Alexandra Ellwood + + * chpw.c (krb5_mk_chpw_req): + Added call to free cipherpw.data. cipherpw.data is allocated + by krb5_mk_priv and passed back. Since cipherpw is never + passed back, krb5_mk_chpw_req should free it. + 1999-08-05 Danilo Almeida * init_ctx.c (krb5_init_context): Document why krb5_win_ccdll_load diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c index 70f1bd82a..f3c6eb6de 100644 --- a/src/lib/krb5/krb/chpw.c +++ b/src/lib/krb5/krb/chpw.c @@ -12,27 +12,32 @@ krb5_mk_chpw_req(context, auth_context, ap_req, passwd, packet) char *passwd; krb5_data *packet; { - krb5_error_code ret; + krb5_error_code ret = 0; krb5_data clearpw; krb5_data cipherpw; krb5_replay_data replay; char *ptr; + cipherpw.data = NULL; + if (ret = krb5_auth_con_setflags(context, auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE)) - return(ret); + goto cleanup; clearpw.length = strlen(passwd); clearpw.data = passwd; if (ret = krb5_mk_priv(context, auth_context, &clearpw, &cipherpw, &replay)) - return(ret); + goto cleanup; packet->length = 6 + ap_req->length + cipherpw.length; packet->data = (char *) malloc(packet->length); if (packet->data == NULL) - return ENOMEM; + { + ret = ENOMEM; + goto cleanup; + } ptr = packet->data; /* length */ @@ -59,7 +64,11 @@ krb5_mk_chpw_req(context, auth_context, ap_req, passwd, packet) memcpy(ptr, cipherpw.data, cipherpw.length); - return(0); +cleanup: + if(cipherpw.data != NULL) /* allocated by krb5_mk_priv */ + free(cipherpw.data); + + return(ret); } KRB5_DLLIMP krb5_error_code KRB5_CALLCONV diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index 0a8ce2240..2ae1bb136 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -93,7 +93,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc, } /* fetch tgt directly from cache */ - retval = krb5_cc_retrieve_cred (context, cc, 0, &creds, &tgt); + retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES, + &creds, &tgt); if (retval) goto errout; diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index ac31b466d..ed6bc55a7 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -118,10 +118,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) } if ((retval = krb5_cc_retrieve_cred(context, ccache, - KRB5_TC_MATCH_SRV_NAMEONLY, + KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, &tgtq, &tgt))) { - if (retval != KRB5_CC_NOTFOUND) { + if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) { goto cleanup; } @@ -154,7 +154,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) goto cleanup; if ((retval = krb5_cc_retrieve_cred(context, ccache, - KRB5_TC_MATCH_SRV_NAMEONLY, + KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, &tgtq, &tgt))) { goto cleanup; } @@ -217,10 +217,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) goto cleanup; if ((retval = krb5_cc_retrieve_cred(context, ccache, - KRB5_TC_MATCH_SRV_NAMEONLY, + KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, &tgtq, &tgt))) { - if (retval != KRB5_CC_NOTFOUND) { + if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) { goto cleanup; } @@ -280,7 +280,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) goto cleanup; if ((retval = krb5_cc_retrieve_cred(context, ccache, - KRB5_TC_MATCH_SRV_NAMEONLY, + KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES, &tgtq, &tgt))) { if (retval != KRB5_CC_NOTFOUND) { goto cleanup; diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 4fbf4cf33..240143931 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -69,7 +69,8 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds, mcreds->client = in_creds->client; *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */ - | KRB5_TC_MATCH_AUTHDATA ; + | KRB5_TC_MATCH_AUTHDATA + | KRB5_TC_SUPPORTED_KTYPES; if (mcreds->keyblock.enctype) *fields |= KRB5_TC_MATCH_KTYPE; if (options & KRB5_GC_USER_USER) { @@ -120,7 +121,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) *out_creds = ncreds; } - if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED) + if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) + || options & KRB5_GC_CACHED) return retval; retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts); diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 2ddd2d0c5..8137843a7 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -250,12 +250,13 @@ krb5_set_default_in_tkt_ktypes(context, ktypes) } static krb5_error_code -get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list) +get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly) krb5_context context; krb5_enctype **ktypes; char *profstr; int ctx_count; krb5_enctype FAR *ctx_list; + int desonly; { krb5_enctype *old_ktypes; @@ -283,7 +284,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list) code = profile_get_string(context->profile, "libdefaults", profstr, NULL, - "des3-hmac-sha1 des-cbc-md5 des-cbc-crc", + "des3-cbc-sha1 des-cbc-md5 des-cbc-crc", &retval); if (code) return code; @@ -313,8 +314,21 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list) j = 0; i = 1; while (1) { - if (! krb5_string_to_enctype(sp, &old_ktypes[j])) + if (! krb5_string_to_enctype(sp, &old_ktypes[j])) { + switch (old_ktypes[j]) { + default: + if (desonly) + /* Other types not supported yet. */ + break; + /* else fall through */ + + case ENCTYPE_NULL: + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: j++; + break; + } + } if (i++ >= count) break; @@ -339,7 +353,7 @@ krb5_get_default_in_tkt_ktypes(context, ktypes) { return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes", context->in_tkt_ktype_count, - context->in_tkt_ktypes)); + context->in_tkt_ktypes, 1)); } krb5_error_code @@ -382,7 +396,7 @@ krb5_get_tgs_ktypes(context, princ, ktypes) { return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes", context->tgs_ktype_count, - context->tgs_ktypes)); + context->tgs_ktypes, 1)); } krb5_error_code @@ -392,7 +406,7 @@ krb5_get_permitted_enctypes(context, ktypes) { return(get_profile_etype_list(context, ktypes, "permitted_enctypes", context->tgs_ktype_count, - context->tgs_ktypes)); + context->tgs_ktypes, 0)); } krb5_boolean diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c index 7041f618c..b2a37e880 100644 --- a/src/lib/krb5/krb/str_conv.c +++ b/src/lib/krb5/krb/str_conv.c @@ -500,7 +500,7 @@ krb5_timestamp_to_sfstring(timestamp, buffer, buflen, pad) if (buflen >= sftime_default_len) { sprintf(buffer, sftime_default_fmt, tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year, - tmp->tm_hour, tmp->tm_min, tmp->tm_sec); + tmp->tm_hour, tmp->tm_min); ndone = strlen(buffer); } } diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index 4ca3b5399..c17af31e5 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -167,8 +167,10 @@ ser_data(verbose, msg, ctx, dtype) krb5_encrypt_block *eblock; eblock = (krb5_encrypt_block *) nctx; +#if 0 if (eblock->priv && eblock->priv_size) krb5_xfree(eblock->priv); +#endif if (eblock->key) krb5_free_keyblock(ser_ctx, eblock->key); krb5_xfree(eblock); @@ -525,8 +527,10 @@ ser_eblock_test(kcontext, verbose) krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE); if (!(kret = ser_data(verbose, "> NULL eblock", (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) { +#if 0 eblock.priv = (krb5_pointer) stuff; eblock.priv_size = 8; +#endif if (!(kret = ser_data(verbose, "> eblock with private data", (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) { @@ -676,9 +680,11 @@ main(argc, argv) case 'C': do_ctest = 1; break; +#if 0 case 'E': do_etest = 1; break; +#endif case 'K': do_ktest = 1; break; @@ -737,12 +743,14 @@ main(argc, argv) if (kret) goto fail; } +#if 0 /* code to be tested is currently disabled */ if (do_etest) { ch_err = 'e'; kret = ser_eblock_test(kcontext, verbose); if (kret) goto fail; } +#endif if (do_ptest) { ch_err = 'p'; kret = ser_princ_test(kcontext, verbose); diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 4ebcecbfa..a77bf6181 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,5 +1,45 @@ +1999-08-26 Danilo Almeida + + * kuserok.c (krb5_kuserok): Fix improper negation in + non-Unix localname check. Also fix calling convention + before this function is exported by the Windows DLL. + + * localaddr.c (krb5_os_localaddr): Fix memset to clear + right address list. (Thanks to jaltman@columbia.edu). + +1999-08-21 Danilo Almeida + + * localaddr.c (krb5_os_localaddr): Use multiple addresses, if + present, on Mac and Windows. + +1999-08-17 Ken Raeburn + + * get_krbhst.c (krb5_get_krbhst): Fix double-indirection + confusion. Do actually copy string contents to newly allocated + storage. + +1999-08-10 Alexandra Ellwood + + * changepw.c (krb5_change_password): + Reorganized code so that krb5_change_password actually frees + everything it allocated on error. Also fixed some memory + leaks which happened even without an error occurring. + +1999-08-09 Danilo Almeida + + * prompter.c (krb5_prompter_posix): Provide Win32 implementation + so that kinit and such work under Win32. + 1999-08-06 Danilo Almeida + * def_realm.c (krb5_get_default_realm): + * hst_realm.c (krb5_get_host_realm): Make sure we have FQDN + in the case where we use gethostname. + + * def_realm.c (krb5_get_default_realm): Check that we have + a realm before trying to copy it (since profile_get_string + may return no error but not get anything). + * init_os_ctx.c (krb5_get_profile): Fix calling convention. 1999-08-05 Danilo Almeida diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c index 779fc89a8..485149e77 100644 --- a/src/lib/krb5/os/changepw.c +++ b/src/lib/krb5/os/changepw.c @@ -57,8 +57,8 @@ krb5_change_password(context, creds, newpw, result_code, krb5_address local_kaddr, remote_kaddr; const char *realm_kdc_names[4]; int default_port; - char **hostlist, *host, *port, *cp, *code_string; - krb5_error_code code; + char **hostlist, *host, *tmphost, *port, *cp, *code_string; + krb5_error_code code = 0; int i, j, out, count, addrlen; struct sockaddr *addr_p, local_addr, remote_addr, tmp_addr; struct sockaddr_in *sin_p; @@ -68,17 +68,30 @@ krb5_change_password(context, creds, newpw, result_code, u_short udpport = htons(KRB5_DEFAULT_PORT); #endif int cc, local_result_code, tmp_len; - SOCKET s1, s2; + SOCKET s1 = INVALID_SOCKET, s2 = INVALID_SOCKET; + /* Initialize values so that cleanup call can safely check for NULL */ auth_context = NULL; - + addr_p = NULL; + host = NULL; + hostlist = NULL; + memset(&chpw_req, 0, sizeof(krb5_data)); + memset(&chpw_rep, 0, sizeof(krb5_data)); + memset(&ap_req, 0, sizeof(krb5_data)); + + /* initialize auth_context so that we know we have to free it */ + if ((code = krb5_auth_con_init(context, &auth_context))) + goto cleanup; + if (code = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY, NULL, creds, &ap_req)) - return(code); + goto cleanup; - if ((host = malloc(krb5_princ_realm(context, creds->client)->length + 1)) - == NULL) - return ENOMEM; + if ((host = malloc(krb5_princ_realm(context, creds->client)->length + 1)) == NULL) + { + code = ENOMEM; + goto cleanup; + } strncpy(host, krb5_princ_realm(context, creds->client)->data, krb5_princ_realm(context, creds->client)->length); @@ -94,23 +107,27 @@ krb5_change_password(context, creds, newpw, result_code, code = profile_get_values(context->profile, realm_kdc_names, &hostlist); - if (code == PROF_NO_RELATION) { - realm_kdc_names[2] = "admin_server"; - - default_port = 1; - - code = profile_get_values(context->profile, realm_kdc_names, - &hostlist); - } - - krb5_xfree(host); + if (code == PROF_NO_RELATION) + { + realm_kdc_names[2] = "admin_server"; + default_port = 1; + code = profile_get_values(context->profile, realm_kdc_names, &hostlist); + } if (code == PROF_NO_SECTION) - return KRB5_REALM_UNKNOWN; - else if (code == PROF_NO_RELATION) - return KRB5_CONFIG_BADFORMAT; - else if (code) - return code; + { + code = KRB5_REALM_UNKNOWN; + goto cleanup; + } + else + if (code == PROF_NO_RELATION) + { + code = KRB5_CONFIG_BADFORMAT; + goto cleanup; + } + else + if (code) + goto cleanup; #ifdef HAVE_NETINET_IN_H /* XXX should look for "kpasswd" in /etc/services */ @@ -122,28 +139,34 @@ krb5_change_password(context, creds, newpw, result_code, count++; if (count == 0) - /* XXX */ - return(KADM_NO_HOST); + { + /* XXX */ + code = KADM_NO_HOST; + goto cleanup; + } addr_p = (struct sockaddr *) malloc(sizeof(struct sockaddr) * count); if (addr_p == NULL) - return ENOMEM; + { + code = ENOMEM; + goto cleanup; + } - host = hostlist[0]; + tmphost = hostlist[0]; out = 0; /* * Strip off excess whitespace */ - cp = strchr(host, ' '); + cp = strchr(tmphost, ' '); if (cp) - *cp = 0; - cp = strchr(host, '\t'); + *cp = 0; + cp = strchr(tmphost, '\t'); if (cp) - *cp = 0; - port = strchr(host, ':'); + *cp = 0; + port = strchr(tmphost, ':'); if (port) { - *port = 0; + *port = 0; port++; /* if the admin_server line was used, ignore the specified port */ @@ -152,40 +175,46 @@ krb5_change_password(context, creds, newpw, result_code, } hp = gethostbyname(hostlist[0]); - if (hp != 0) { - switch (hp->h_addrtype) { + if (hp != 0) + { + switch (hp->h_addrtype) + { #ifdef HAVE_NETINET_IN_H - case AF_INET: - for (j=0; hp->h_addr_list[j]; j++) { - sin_p = (struct sockaddr_in *) &addr_p[out++]; - memset ((char *)sin_p, 0, sizeof(struct sockaddr)); - sin_p->sin_family = hp->h_addrtype; - sin_p->sin_port = port ? htons(atoi(port)) : udpport; - memcpy((char *)&sin_p->sin_addr, - (char *)hp->h_addr_list[j], - sizeof(struct in_addr)); - if (out+1 >= count) { - count += 5; - addr_p = (struct sockaddr *) - realloc ((char *)addr_p, - sizeof(struct sockaddr) * count); - if (addr_p == NULL) - return ENOMEM; - } - } - break; + case AF_INET: + for (j=0; hp->h_addr_list[j]; j++) + { + sin_p = (struct sockaddr_in *) &addr_p[out++]; + memset ((char *)sin_p, 0, sizeof(struct sockaddr)); + sin_p->sin_family = hp->h_addrtype; + sin_p->sin_port = port ? htons(atoi(port)) : udpport; + memcpy((char *)&sin_p->sin_addr, + (char *)hp->h_addr_list[j], + sizeof(struct in_addr)); + if (out+1 >= count) + { + count += 5; + addr_p = (struct sockaddr *) + realloc ((char *)addr_p, sizeof(struct sockaddr) * count); + if (addr_p == NULL) + { + code = ENOMEM; + goto cleanup; + } + } + } + break; #endif - default: - break; - } - } - - profile_free_list(hostlist); - - if (out == 0) { /* Couldn't resolve any KDC names */ - free (addr_p); - return(KADM_NO_HOST); - } + default: + break; + } + } + + if (out == 0) + { + /* Couldn't resolve any KDC names */ + code = KADM_NO_HOST; + goto cleanup; + } /* this is really obscure. s1 is used for all communications. it is left unconnected in case the server is multihomed and routes @@ -203,187 +232,194 @@ krb5_change_password(context, creds, newpw, result_code, hostname resolution to get the local ip addr) will work and interoperate if the client is single-homed. */ - if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) { - free(addr_p); - return(SOCKET_ERRNO); - } - - if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) { - free(addr_p); - return(SOCKET_ERRNO); - } - - for (i=0; isin_addr.s_addr != 0) { - local_kaddr.addrtype = ADDRTYPE_INET; - local_kaddr.length = - sizeof(((struct sockaddr_in *) &local_addr)->sin_addr); - local_kaddr.contents = - (krb5_octet *) &(((struct sockaddr_in *) &local_addr)->sin_addr); - } else { - krb5_address **addrs; - - krb5_os_localaddr(context, &addrs); - local_kaddr.magic = addrs[0]->magic; - local_kaddr.addrtype = addrs[0]->addrtype; - local_kaddr.length = addrs[0]->length; - local_kaddr.contents = malloc(addrs[0]->length); - memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length); - - krb5_free_addresses(context, addrs); - } - - addrlen = sizeof(remote_addr); - if (getpeername(s2, &remote_addr, &addrlen) < 0) { - if ((SOCKET_ERRNO == ECONNREFUSED) || - (SOCKET_ERRNO == EHOSTUNREACH)) - continue; /* try the next addr */ - free(addr_p); - closesocket(s1); - closesocket(s2); - return(SOCKET_ERRNO); - } - - remote_kaddr.addrtype = ADDRTYPE_INET; - remote_kaddr.length = - sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr); - remote_kaddr.contents = - (krb5_octet *) &(((struct sockaddr_in *) &remote_addr)->sin_addr); - - /* mk_priv requires that the local address be set. - getsockname is used for this. rd_priv requires that the - remote address be set. recvfrom is used for this. If - rd_priv is given a local address, and the message has the - recipient addr in it, this will be checked. However, there - is simply no way to know ahead of time what address the - message will be delivered *to*. Therefore, it is important - that either no recipient address is in the messages when - mk_priv is called, or that no local address is passed to - rd_priv. Both is a better idea, and I have done that. In - summary, when mk_priv is called, *only* a local address is - specified. when rd_priv is called, *only* a remote address - is specified. Are we having fun yet? */ - - if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, - NULL)) { - free(addr_p); - closesocket(s1); - closesocket(s2); - return(code); - } - - if (code = krb5_mk_chpw_req(context, auth_context, &ap_req, - newpw, &chpw_req)) { - free(addr_p); - closesocket(s1); - closesocket(s2); - return(code); - } - - if ((cc = sendto(s1, chpw_req.data, chpw_req.length, 0, - (struct sockaddr *) &addr_p[i], - sizeof(addr_p[i]))) != - chpw_req.length) { - if ((cc < 0) && ((SOCKET_ERRNO == ECONNREFUSED) || - (SOCKET_ERRNO == EHOSTUNREACH))) - continue; /* try the next addr */ - free(addr_p); - closesocket(s1); - closesocket(s2); - return((cc < 0)?SOCKET_ERRNO:ECONNABORTED); - } - - krb5_xfree(chpw_req.data); - - chpw_rep.length = 1500; - chpw_rep.data = (char *) malloc(chpw_rep.length); - - /* XXX need a timeout/retry loop here */ - - /* "recv" would be good enough here... except that Windows/NT - commits the atrocity of returning -1 to indicate failure, - but leaving errno set to 0. - - "recvfrom(...,NULL,NULL)" would seem to be a good enough - alternative, and it works on NT, but it doesn't work on - SunOS 4.1.4 or Irix 5.3. Thus we must actually accept the - value and discard it. */ - tmp_len = sizeof(tmp_addr); - if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, 0, &tmp_addr, &tmp_len)) < 0) { - free(addr_p); - closesocket(s1); - closesocket(s2); - return(SOCKET_ERRNO); - } - - closesocket(s1); - closesocket(s2); - - chpw_rep.length = cc; - - if (code = krb5_auth_con_setaddrs(context, auth_context, NULL, - &remote_kaddr)) { - free(addr_p); - closesocket(s1); - closesocket(s2); - return(code); - } - - code = krb5_rd_chpw_rep(context, auth_context, &chpw_rep, - &local_result_code, result_string); - - free(chpw_rep.data); - free(addr_p); - - if (code) - return(code); - - if (result_code) - *result_code = local_result_code; - - if (result_code_string) { - if (code = krb5_chpw_result_code_string(context, local_result_code, - &code_string)) - return(code); - - result_code_string->length = strlen(code_string); - if ((result_code_string->data = - (char *) malloc(result_code_string->length)) == NULL) - return(ENOMEM); - strncpy(result_code_string->data, code_string, - result_code_string->length); - } - - return(0); - } - - free(addr_p); - closesocket(s1); - closesocket(s2); - return(SOCKET_ERRNO); + if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) + { + code = SOCKET_ERRNO; + goto cleanup; + } + + if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) + { + code = SOCKET_ERRNO; + goto cleanup; + } + + for (i=0; isin_addr.s_addr != 0) + { + local_kaddr.addrtype = ADDRTYPE_INET; + local_kaddr.length = sizeof(((struct sockaddr_in *) &local_addr)->sin_addr); + local_kaddr.contents = (krb5_octet *) &(((struct sockaddr_in *) &local_addr)->sin_addr); + } + else + { + krb5_address **addrs; + + krb5_os_localaddr(context, &addrs); + + local_kaddr.magic = addrs[0]->magic; + local_kaddr.addrtype = addrs[0]->addrtype; + local_kaddr.length = addrs[0]->length; + local_kaddr.contents = malloc(addrs[0]->length); + memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length); + + krb5_free_addresses(context, addrs); + } + + addrlen = sizeof(remote_addr); + if (getpeername(s2, &remote_addr, &addrlen) < 0) + { + if ((SOCKET_ERRNO == ECONNREFUSED) || (SOCKET_ERRNO == EHOSTUNREACH)) + continue; /* try the next addr */ + + code = SOCKET_ERRNO; + goto cleanup; + } + + remote_kaddr.addrtype = ADDRTYPE_INET; + remote_kaddr.length = sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr); + remote_kaddr.contents = (krb5_octet *) &(((struct sockaddr_in *) &remote_addr)->sin_addr); + + /* mk_priv requires that the local address be set. + getsockname is used for this. rd_priv requires that the + remote address be set. recvfrom is used for this. If + rd_priv is given a local address, and the message has the + recipient addr in it, this will be checked. However, there + is simply no way to know ahead of time what address the + message will be delivered *to*. Therefore, it is important + that either no recipient address is in the messages when + mk_priv is called, or that no local address is passed to + rd_priv. Both is a better idea, and I have done that. In + summary, when mk_priv is called, *only* a local address is + specified. when rd_priv is called, *only* a remote address + is specified. Are we having fun yet? */ + + if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL)) + { + code = SOCKET_ERRNO; + goto cleanup; + } + + if (code = krb5_mk_chpw_req(context, auth_context, &ap_req, newpw, &chpw_req)) + { + code = SOCKET_ERRNO; + goto cleanup; + } + + if ((cc = sendto(s1, chpw_req.data, chpw_req.length, 0, + (struct sockaddr *) &addr_p[i], + sizeof(addr_p[i]))) != chpw_req.length) + { + if ((cc < 0) && ((SOCKET_ERRNO == ECONNREFUSED) || + (SOCKET_ERRNO == EHOSTUNREACH))) + continue; /* try the next addr */ + + code = (cc < 0) ? SOCKET_ERRNO : ECONNABORTED; + goto cleanup; + } + + chpw_rep.length = 1500; + chpw_rep.data = (char *) malloc(chpw_rep.length); + + /* XXX need a timeout/retry loop here */ + + /* "recv" would be good enough here... except that Windows/NT + commits the atrocity of returning -1 to indicate failure, + but leaving errno set to 0. + + "recvfrom(...,NULL,NULL)" would seem to be a good enough + alternative, and it works on NT, but it doesn't work on + SunOS 4.1.4 or Irix 5.3. Thus we must actually accept the + value and discard it. */ + tmp_len = sizeof(tmp_addr); + if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, 0, &tmp_addr, &tmp_len)) < 0) + { + code = SOCKET_ERRNO; + goto cleanup; + } + + closesocket(s1); + s1 = INVALID_SOCKET; + closesocket(s2); + s2 = INVALID_SOCKET; + + chpw_rep.length = cc; + + if (code = krb5_auth_con_setaddrs(context, auth_context, NULL, &remote_kaddr)) + goto cleanup; + + if(code = krb5_rd_chpw_rep(context, auth_context, &chpw_rep, + &local_result_code, result_string)) + goto cleanup; + + if (result_code) + *result_code = local_result_code; + + if (result_code_string) + { + if (code = krb5_chpw_result_code_string(context, local_result_code, + &code_string)) + goto cleanup; + + result_code_string->length = strlen(code_string); + if ((result_code_string->data = + (char *) malloc(result_code_string->length)) == NULL) + return(ENOMEM); + strncpy(result_code_string->data, code_string, result_code_string->length); + } + + code = 0; + goto cleanup; + } + + code = SOCKET_ERRNO; + +cleanup: + if(auth_context != NULL) + krb5_auth_con_free(context, auth_context); + + if(host != NULL) + krb5_xfree(host); + + if(addr_p != NULL) + krb5_xfree(addr_p); + + if(hostlist != NULL) + profile_free_list(hostlist); + + if(s1 != INVALID_SOCKET) + closesocket(s1); + + if(s2 != INVALID_SOCKET) + closesocket(s2); + + krb5_free_data_contents(context, &chpw_req); + krb5_free_data_contents(context, &chpw_rep); + krb5_free_data_contents(context, &ap_req); + + return(code); } diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c index 44a4e9381..5c054bd42 100644 --- a/src/lib/krb5/os/def_realm.c +++ b/src/lib/krb5/os/def_realm.c @@ -76,7 +76,7 @@ krb5_get_default_realm(context, lrealm) "default_realm", 0, 0, &realm); - if (!retval) { + if (!retval && realm) { context->default_realm = malloc(strlen(realm) + 1); if (!context->default_realm) { profile_release_string(realm); @@ -101,10 +101,26 @@ krb5_get_default_realm(context, lrealm) */ char localhost[MAX_DNS_NAMELEN+1]; char * p; - localhost[0] = localhost[sizeof(localhost)-1] = 0; - gethostname(localhost,MAX_DNS_NAMELEN); - + struct hostent * h; + + localhost[0] = 0; + gethostname(localhost, sizeof(localhost)); + localhost[sizeof(localhost) - 1] = 0; + if ( localhost[0] ) { + /* + * Try to make sure that we have a fully qualified + * name if possible. We want to be able to handle + * the case where gethostname returns a partial + * name (i.e., it has a dot, but it is not a + * FQDN). + */ + h = gethostbyname(localhost); + if (h) { + strncpy(localhost, h->h_name, sizeof(localhost)); + localhost[sizeof(localhost) - 1] = '\0'; + } + p = localhost; do { retval = krb5_try_realm_txt_rr("_kerberos", p, diff --git a/src/lib/krb5/os/get_krbhst.c b/src/lib/krb5/os/get_krbhst.c index c929bbaba..be2f3f934 100644 --- a/src/lib/krb5/os/get_krbhst.c +++ b/src/lib/krb5/os/get_krbhst.c @@ -64,8 +64,9 @@ krb5_get_krbhst(context, realm, hostlist) const char *realm_kdc_names[4]; krb5_error_code retval; int i, count; + char **rethosts; - *hostlist = 0; + rethosts = 0; realm_kdc_names[0] = "realms"; realm_kdc_names[1] = realm->data; @@ -99,25 +100,29 @@ krb5_get_krbhst(context, realm, hostlist) *cp = 0; } count = cpp - values; - *hostlist = malloc(sizeof(char *) * (count + 1)); - if (!*hostlist) { + rethosts = malloc(sizeof(char *) * (count + 1)); + if (!rethosts) { retval = ENOMEM; goto cleanup; } for (i = 0; i < count; i++) { - *hostlist[i] = malloc(strlen(values[i]) + 1); - if (!*hostlist[i]) { + int len = strlen (values[i]) + 1; + rethosts[i] = malloc(len); + if (!rethosts[i]) { retval = ENOMEM; goto cleanup; } + memcpy (rethosts[i], values[i], len); } - *hostlist[count] = 0; + rethosts[count] = 0; cleanup: - if (retval && *hostlist) { - for (cpp = *hostlist; *cpp; cpp++) + if (retval && rethosts) { + for (cpp = rethosts; *cpp; cpp++) free(*cpp); - free(*hostlist); + free(rethosts); + rethosts = 0; } profile_free_list(values); + *hostlist = rethosts; return retval; } diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index bda5e3706..3c05f5780 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -234,14 +234,26 @@ krb5_get_host_realm(context, host, realmsp) krb5_error_code retval; int l; char local_host[MAX_DNS_NAMELEN+1]; + struct hostent *h; + if (host) - strncpy(local_host, host, MAX_DNS_NAMELEN); + strncpy(local_host, host, sizeof(local_host)); else { - if (gethostname(local_host, sizeof(local_host)-1) == -1) + if (gethostname(local_host, sizeof(local_host)) == -1) return SOCKET_ERRNO; + /* + * Try to make sure that we have a fully qualified name if + * possible. We need to handle the case where the host has a + * dot but is not FQDN, so we call gethostbyname. + */ + h = gethostbyname(local_host); + if (h) { + strncpy(local_host, h->h_name, sizeof(local_host)); + } } - local_host[MAX_DNS_NAMELEN] = '\0'; + local_host[sizeof(local_host) - 1] = '\0'; + for (cp = local_host; *cp; cp++) { if (isupper(*cp)) *cp = tolower(*cp); diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c index 6d3032e8e..eff6154fd 100644 --- a/src/lib/krb5/os/kuserok.c +++ b/src/lib/krb5/os/kuserok.c @@ -56,7 +56,7 @@ * */ -krb5_boolean +krb5_boolean KRB5_CALLCONV krb5_kuserok(context, principal, luser) krb5_context context; krb5_principal principal; @@ -143,7 +143,7 @@ krb5_kuserok(context, principal, luser) * If the given Kerberos name "server" translates to the same name as "luser" * (using * krb5_aname_to_lname()), returns TRUE. */ -krb5_boolean +krb5_boolean KRB5_CALLCONV krb5_kuserok(context, principal, luser) krb5_context context; krb5_principal principal; @@ -151,7 +151,7 @@ krb5_kuserok(context, principal, luser) { char kuser[50]; - if (! krb5_aname_to_localname(context, principal, sizeof(kuser), kuser)) + if (krb5_aname_to_localname(context, principal, sizeof(kuser), kuser)) return FALSE; if (strcmp(kuser, luser) == 0) diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index f55c35c78..82bcc4681 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -294,12 +294,11 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_os_localaddr (krb5_context context, krb5_address ***addr) { char host[64]; /* Name of local machine */ struct hostent *hostrec; - int err; - - *addr = calloc (2, sizeof (krb5_address *)); - if (*addr == NULL) - return ENOMEM; + int err, count, i; + krb5_address ** paddr; + *addr = 0; + paddr = 0; err = 0; if (gethostname (host, sizeof(host))) { @@ -319,27 +318,55 @@ krb5_os_localaddr (krb5_context context, krb5_address ***addr) { return err; } - (*addr)[0] = calloc (1, sizeof(krb5_address)); - if ((*addr)[0] == NULL) { - free (*addr); - return ENOMEM; + for (count = 0; hostrec->h_addr_list[count]; count++); + + + paddr = (krb5_address **)malloc(sizeof(krb5_address *) * (count+1)); + if (!paddr) { + err = ENOMEM; + goto cleanup; + } + + memset(paddr, 0, sizeof(krb5_address *) * (count+1)); + + for (i = 0; i < count; i++) + { + paddr[i] = (krb5_address *)malloc(sizeof(krb5_address)); + if (paddr[i] == NULL) { + err = ENOMEM; + goto cleanup; + } + + paddr[i]->magic = KV5M_ADDRESS; + paddr[i]->addrtype = hostrec->h_addrtype; + paddr[i]->length = hostrec->h_length; + paddr[i]->contents = (unsigned char *)malloc(paddr[i]->length); + if (!paddr[i]->contents) { + err = ENOMEM; + goto cleanup; + } + memcpy(paddr[i]->contents, + hostrec->h_addr_list[i], + paddr[i]->length); } - (*addr)[0]->magic = KV5M_ADDRESS; - (*addr)[0]->addrtype = hostrec->h_addrtype; - (*addr)[0]->length = hostrec->h_length; - (*addr)[0]->contents = (unsigned char *)malloc((*addr)[0]->length); - if (!(*addr)[0]->contents) { - free((*addr)[0]); - free(*addr); - return ENOMEM; - } else { - memcpy ((*addr)[0]->contents, - hostrec->h_addr, - (*addr)[0]->length); + + cleanup: + if (err) { + if (paddr) { + for (i = 0; i < count; i++) + { + if (paddr[i]) { + if (paddr[i]->contents) + free(paddr[i]->contents); + free(paddr[i]); + } + } + free(paddr); + } } - /* FIXME, deal with the case where gethostent returns multiple addrs */ + else + *addr = paddr; - return(0); + return(err); } #endif - diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c index 684c5b509..b43e0ae0e 100644 --- a/src/lib/krb5/os/prompter.c +++ b/src/lib/krb5/os/prompter.c @@ -121,6 +121,102 @@ cleanup: } #else /* MSDOS */ +#if defined(_WIN32) + +#include + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_prompter_posix(krb5_context context, + void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]) +{ + HANDLE handle; + DWORD old_mode, new_mode; + char *ptr; + int scratchchar; + krb5_error_code errcode = 0; + int i; + + handle = GetStdHandle(STD_INPUT_HANDLE); + if (handle == INVALID_HANDLE_VALUE) + return ENOTTY; + if (!GetConsoleMode(handle, &old_mode)) + return ENOTTY; + + new_mode = old_mode; + new_mode |= ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT ); + new_mode &= ~( ENABLE_ECHO_INPUT ); + + if (!SetConsoleMode(handle, new_mode)) + return ENOTTY; + + if (!SetConsoleMode(handle, old_mode)) + return ENOTTY; + + if (name) { + fputs(name, stdout); + fputs("\n", stdout); + } + + if (banner) { + fputs(banner, stdout); + fputs("\n", stdout); + } + + for (i = 0; i < num_prompts; i++) { + if (prompts[i].hidden) { + if (!SetConsoleMode(handle, new_mode)) { + errcode = ENOTTY; + goto cleanup; + } + } + + fputs(prompts[i].prompt,stdout); + fputs(": ", stdout); + fflush(stdout); + memset(prompts[i].reply->data, 0, prompts[i].reply->length); + + if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin) + == NULL) { + if (prompts[i].hidden) + putchar('\n'); + errcode = KRB5_LIBOS_CANTREADPWD; + goto cleanup; + } + if (prompts[i].hidden) + putchar('\n'); + /* fgets always null-terminates the returned string */ + + /* replace newline with null */ + if ((ptr = strchr(prompts[i].reply->data, '\n'))) + *ptr = '\0'; + else /* flush rest of input line */ + do { + scratchchar = getchar(); + } while (scratchchar != EOF && scratchchar != '\n'); + + prompts[i].reply->length = strlen(prompts[i].reply->data); + + if (!SetConsoleMode(handle, old_mode)) { + errcode = ENOTTY; + goto cleanup; + } + } + + cleanup: + if (errcode) { + for (i = 0; i < num_prompts; i++) { + memset(prompts[i].reply->data, 0, prompts[i].reply->length); + } + } + return errcode; +} + +#else /* !_WIN32 */ + KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_prompter_posix(krb5_context context, void *data, @@ -129,7 +225,7 @@ krb5_prompter_posix(krb5_context context, int num_prompts, krb5_prompt prompts[]) { - return(EINVAL); + return(EINVAL); } -#endif /* !MSDOS */ - +#endif /* !_WIN32 */ +#endif /* !MSDOS */ diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index e4ef6c96c..948c4fefb 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -229,10 +229,10 @@ EXPORTS krb5_ser_rcache_init decode_krb5_ap_req krb5_mcc_ops - ; ;Added for Kermit 95 krb5_address_search krb5_auth_con_getrcache krb5_c_enctype_compare + krb5_kuserok diff --git a/src/mac/CFMGlue.pl b/src/mac/CFMGlue.pl index f74a3662d..f6386bb80 100644 --- a/src/mac/CFMGlue.pl +++ b/src/mac/CFMGlue.pl @@ -1,158 +1,298 @@ -#!/usr/athena/bin/perl -w +#!/usr/local/bin/perl -w +use strict; # Turn on careful syntax checking +use 5.002; # Require Perl 5.002 or later + +# Pre-declare globals, as required by "use strict" +use vars qw(%RESERVEDWORDS $file $prototype); + +# C words which aren't a type or a parameter name +# [digit] is special cased later on... %RESERVEDWORDS = ( - const => "const", - "*" => "*", - "[]" => "[]", - struct => "struct", - enum => "enum", - union => "union" + const => "const", + "*" => "*", + "[]" => "[]", + struct => "struct", + enum => "enum", + union => "union", + unsigned => "unsigned", + register => "register" ); -while() +# Read the entire file into $file +{ + local $/; + undef $/; # Ignore end-of-line delimiters in the file + $file .= ; +} + +# Remove the C and C++ comments from the file. +# If this regexp scares you, don't worry, it scares us too. +$file =~ s@/ # Both kinds of comment begin with a / + # First, process /* ... */ + ((\*[^*]*\*+ # 1: Identify /**, /***, /* foo *, etc. + ([^/*][^*]*\*+)* # 2: Match nothing, x*, x/*, x/y*, x*y* etc. + /) # 3: Look for the trailing /. If not present, back up + # through the matches from step 2 (x*y* becomes x*) + #### if we get here, we have /* ... */ + | # Or, it's // and we just need to match to the end of the line + (/.*?\n)) # 4. Slash, shortest possible run of characters ending in newline (\n) + @\n@xg; # => Replace match with a newline. + ### "x" modifier allows whitespace and comments in patterns + ### "g" modifier means "do this globally" + +$file =~ tr! \t\n! !s; # Convert newlines, tabs, and runs of spaces into single spaces + +foreach $prototype (split /;/, $file) # Break string apart at semicolons, pass each piece to our Convert routine { - chop($_); - $prototype = $_; - @splitup = split(/\s*\(\s*/, $prototype); - - # the return value type and the function name: - $temp = $splitup[0]; - $temp =~ s/\s*\*\s*/ \* /g; # add spaces around * - @funcAndArgs = split(/\s+/, $temp); - $functionName = $funcAndArgs[$#funcAndArgs]; - - # Is this function already in the Hash Table? - if(!exists($FUNCTIONS{$functionName})) - { - $FUNCTIONS{$functionName}{prototypeText} = $prototype; - pop @{funcAndArgs}; - $FUNCTIONS{$functionName}{returnType} = join(' ', @funcAndArgs); + Convert($prototype); +} + +exit (0); + +# ======================================== +# Subroutines follow +# ======================================== + +sub Convert() +{ + # Take our special C-style function prototypes and print out the + # appropriate glue code. + + my $prototype = shift; + my ($returnType, $functionName, $paramString); + my (@parameters, @types); + + return if ($prototype =~ /^\s*$/); # Ignore blank lines + # Use custom function to remove leading & trailing spaces & + # collapse runs of spaces. + $prototype = StripSpaces($prototype); + + # ==================== + # STAGE 1.1: Get the function name and return type. + # Do general syntax checking. + # ==================== + + # See if we have a legal prototype and begin parsing. A legal prototype has + # a return type (optional), function name, and parameter list. + unless ($prototype =~ /((\w+\*? )*(\w+\*?)) (\w+)\s*\((.*)\)$/) + { + die "Prototype \"$prototype;\" does not appear to be a legal prototype.\n"; + } + + # That unless had a nice side effect -- the parentheses in the regular expression + # stuffed the matching parts of the expression into variables $1, $2, and $3. + + ($returnType, $functionName) = ($1, $4); + # Kill 2 birds at a time -- get rid of leading & trailing spaces *and* get an + # empty string back if there are no parameters + $paramString = StripSpaces($5); + + # Insist on having an argument list in the prototype + unless ($paramString) + { + die("Prototype: \"$prototype;\" has no arguments.\n" . + "This is ambiguous between C and C++ (please specify " . + "either (int) or (void)).\n"); + } + + # Check for variable arguments by looking for + # "va_list " or "..." + if(($paramString =~ /va_list\s+\S+/) or # va_list + spaces + not-a-spaces + ($paramString =~ /\Q.../)) # \Q = "quote metacharacters" => \.\.\. + { + die("Prototype: \"$prototype;\" takes a variable " . + "number of arguments. Variable arguments are not " . + "supported by CFM Glue.\n"); + } + + # ==================== + # STAGE 1.2: Digest the parameter list. + # ==================== + + if ($paramString eq "void") + { + $parameters[0] = "void"; + $types[0] = "void"; + } + else + { + # The function has nonvoid arguments - # the arguments: - @splitup2 = split(/\s*\)\s*/, $splitup[1]); - @argsAndParams = split(/\s*,\s*/, $splitup2[0]); + # Add spaces around * and turn [#] into [#] with spaces around it + # for ease of parsing + $paramString =~ s/\s*\*\s*/ \* /g; + $paramString =~ s/\s*\[(\d*)\]\s*/ [$1] /g; + + # Extract the list elements + my @arguments = split /,\s*/, $paramString; - for($i = 0, $j = 1; $i <= $#argsAndParams; $i++, $j++) - { - $temp = $argsAndParams[$i]; - $temp =~ s/\s*\*\s*/ \* /g; # add spaces around * - $temp =~ s/\s*\[\]\s*/ \[\] /g; # add spaces around [] - - @elements = split(/\s+/, $temp); - - # Is there a parameter name in this argument? - $identifierCount = 0; - foreach $element (@elements) - { - if(!exists($RESERVEDWORDS{$element})) { - $identifierCount++; + # Make sure we don't have more than 13 arguments + if ($#arguments >= 13) + { + die "Prototype \"$prototype;\" has more than 13 arguments,\n". + "which the CFM68K glue will not support."; } - } - - if(($identifierCount > 2) or ($identifierCount < 1)) { - print("************** $argsAndParams ****************"); - die; - } - - if($identifierCount >= 2) { - $param = $elements[$#elements]; - pop(@elements); - if($param eq "[]") { - $param = $elements[$#elements]; - pop(@elements); - push(@elements, '*'); + + # We need to look at each argument and come out with two lists: a list + # of parameter names and a corresponding list of parameter types. For example: + # ( const int x, short y[], int ) + # needs to become two lists: + # @parameters = ("x", "y", "__param0") + # @elements = ("const int", "short *", int) + my $i = 0; # parameter counter + foreach my $argument (@arguments) + { + my @elements = split(' ', $argument); + + # A legal argument will have a name and/or a parameter type. + # It might _also_ have some C keywords + # We'll syntax check the argument by counting the number of things + # which are names and/or variable types + my $identifierCount = grep { !$RESERVEDWORDS{$_} && !/\[\d*\]/ } @elements; + + if ($identifierCount == 1) { + # We have a type without a name, so generate an arbitrary unique name + push @parameters, "__param" . $i; + } + elsif ($identifierCount == 2) { + # We have a type and a name. We'll assume the name is the last thing seen, + my $paramName = pop @elements; + # ...but have to make certain it's not a qualified array reference + if ($paramName =~ /\[\d*\]/) + { + # Whoops...the argument ended in a [], so extract the name and put back + # the array notation + my $temp = $paramName; + $paramName = pop @elements; + push @elements, $temp; + } + push @parameters, $paramName; + } + else # $identifierCount == 0 or $identifierCount > 2 + { + die("Prototype: \"$prototype;\" has an " . + "invalid number ($identifierCount)" . + " of non-reserved words in argument '$argument'.\n"); + } + + # Replace all "[]" with "*" to turn array references into pointers. + # "map" sets $_ to each array element in turn; modifying $_ modifies + # the corresponding value in the array. (s -- substutition -- works + # on $_ by default.) + map { s/\[\d*\]/*/ } @elements; + + push @types, join(' ', @elements); # Construct a type definition + + # Increment the argument counter: + $i++; } - $type = join(' ', @elements); - } else { - $type = $argsAndParams[$i]; - $param = "param" . $j; - } - $FUNCTIONS{$functionName}{typeList}[$i] = $type; - $FUNCTIONS{$functionName}{paramList}[$i] = $param; } - } -} -foreach $function (keys(%FUNCTIONS)) -{ - # the variables we will be playing with: - $name = $function; - $retType = $FUNCTIONS{$function}{returnType}; - $prototype = $FUNCTIONS{$function}{prototypeText}; - @args = @{ $FUNCTIONS{$function}{typeList} }; - @params = @{ $FUNCTIONS{$function}{paramList} }; - - - # Now Generate the ProcInfo Macro: - # -------------------------------- - print("/**** $name ****/\n"); - print("/* $prototype */\n\n"); - - print("enum {\n"); - print(" $name" . "_ProcInfo = kThinkCStackBased\n"); - if($retType ne "void") { - print(" | RESULT_SIZE(SIZE_CODE(sizeof($retType)))\n"); - } - for($i = 0, $j = 1; $i <= $#args; $i++, $j++) - { - $arg = $args[$i]; - print(" | STACK_ROUTINE_PARAMETER($j, SIZE_CODE(sizeof($arg)))\n"); - } - print("};\n\n"); - - # Now Generate the ProcPtr Typedef - # -------------------------------- - print("typedef "); - print("$retType "); - print("(*$name" . "_ProcPtrType)("); - - for($i = 0; $i<=$#args; $i++) { - $arg = $args[$i]; - print("$arg"); - if ($i ne $#args) { - print (", "); - } - } - print(");\n"); - - - # Now Generate the Static 68K Function Declaration: - # ------------------------------------------------- - print("$retType $name (\n"); - for($i = 0; $i <= $#args; $i++) - { - for($j = 0; $j <= length($retType); $j++) { - print(" "); + # ==================== + # STAGE 2: Print out the glue. + # ==================== + + # Generate the ProcInfo Macro: + # ---------------------------- + my $result = ""; # Will be inserted into the final macro + if ($returnType ne "void") { + $result = "\n | RESULT_SIZE(SIZE_CODE(sizeof($returnType)))"; } - print($args[$i] . ' ' . $params[$i]); - if($i >= $#args) { - print(")\n"); - } else { - print(",\n"); + + # Convert a list of parameter types into entries for the macro. + # All non-void parameters need to have a line in the final macro. + my @parameterMacros; + my $paramCount = -1; + @parameterMacros = map { $paramCount++; $_ eq "void" ? "" : + " | STACK_ROUTINE_PARAMETER(" . ($paramCount + 1) . ", SIZE_CODE(sizeof($_)))" } @types; + my $macroString = join "\n", @parameterMacros; + + print <= $#args) { - print(");\n"); - } else { - print(", "); + else + { + my @joinedList; + # Merge the parameter and type lists together + foreach my $i (0..$#types) + { + push @joinedList, ($types[$i] . ' ' . $parameters[$i]); + } + + # Build a list of parameters where each parameter is aligned vertically + # beneath the one above. + # "' ' x 5" is a Perl technique to get a string of 5 spaces + $fnArguments = join (",\n".(' ' x length($functionDec)), @joinedList); + } + + # Create a list of parameters to pass to the 68K function + my $fnParams = ""; + if($types[0] ne "void") { + $fnParams = join ", ", @parameters; } - } - - print("}\n\n\n"); + + # Do we have an explicit return statement? This depends on the return type + my $returnAction = " "; + $returnAction = "return " if ($returnType ne "void"); + + # The following code introduces a new Perl trick -- ${a} is the same as $a in a string + # (interpolate the value of variable $a); the brackets are used to seperate the variable + # name from the text immediately following the variable name so the Perl interpreter + # doesn't go looking for the wrong variable. + print < -#include /* Hardcode library fragment name here */ -#define kLibraryName "\pK5Library" +#define kLibraryName "\pMIT Kerberos¥Kerberos5Lib" diff --git a/src/mac/K5.CFMglue.proto.h b/src/mac/K5.CFMglue.proto.h index 65a04414d..ddf86adf5 100644 --- a/src/mac/K5.CFMglue.proto.h +++ b/src/mac/K5.CFMglue.proto.h @@ -1,27 +1,249 @@ -krb5_error_code krb5_init_context(krb5_context *); -void krb5_free_context(krb5_context); -krb5_error_code krb5_get_credentials(krb5_context, const krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **); -krb5_error_code krb5_mk_req_extended(krb5_context, krb5_auth_context *, const krb5_flags, krb5_data *, krb5_creds *, krb5_data * ); -krb5_error_code krb5_rd_rep(krb5_context, krb5_auth_context, const krb5_data *, krb5_ap_rep_enc_part **); -krb5_error_code krb5_copy_keyblock(krb5_context, const krb5_keyblock *, krb5_keyblock **); -void krb5_init_ets(krb5_context); -krb5_error_code krb5_cc_default(krb5_context, krb5_ccache *); -void krb5_free_principal(krb5_context, krb5_principal ); -void krb5_free_creds(krb5_context, krb5_creds *); -void krb5_free_cred_contents(krb5_context, krb5_creds *); -void krb5_free_keyblock(krb5_context, krb5_keyblock *); -void krb5_free_ap_rep_enc_part(krb5_context, krb5_ap_rep_enc_part *); -krb5_error_code krb5_sname_to_principal(krb5_context, const char *, const char *, krb5_int32, krb5_principal *); -krb5_error_code krb5_fwd_tgt_creds(krb5_context, krb5_auth_context, char *, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data *); -krb5_error_code krb5_auth_con_init(krb5_context, krb5_auth_context *); -krb5_error_code krb5_auth_con_free(krb5_context, krb5_auth_context); -krb5_error_code krb5_auth_con_setflags(krb5_context, krb5_auth_context, krb5_int32); -krb5_error_code krb5_auth_con_setaddrs(krb5_context, krb5_auth_context, krb5_address *, krb5_address *); -krb5_error_code krb5_auth_con_setports(krb5_context, krb5_auth_context, krb5_address *, krb5_address *); -krb5_error_code krb5_auth_con_getlocalsubkey(krb5_context, krb5_auth_context, krb5_keyblock **); -krb5_error_code krb5_auth_con_genaddrs(krb5_context, krb5_auth_context, int, int); -int mit_des_ecb_encrypt(const mit_des_cblock *, mit_des_cblock *, mit_des_key_schedule , int ); -krb5_error_code mit_des_init_random_key( const krb5_encrypt_block *, const krb5_keyblock *, krb5_pointer *); -int mit_des_key_sched(mit_des_cblock , mit_des_key_schedule ); -krb5_error_code mit_des_random_key( const krb5_encrypt_block *, krb5_pointer , krb5_keyblock * *); -void com_err_va(const char *whoami, errcode_t code, const char *fmt, va_list ap)); +krb5_error_code krb5_c_encrypt (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*ivec, const krb5_data*input, krb5_enc_data*output); +krb5_error_code krb5_c_decrypt (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*ivec, const krb5_enc_data*input, krb5_data*output); +krb5_error_code krb5_c_encrypt_length (krb5_context context, krb5_enctype enctype, size_t inputlen, size_t*length); +krb5_error_code krb5_c_block_size (krb5_context context, krb5_enctype enctype, size_t*blocksize); +krb5_error_code krb5_c_make_random_key (krb5_context context, krb5_enctype enctype, krb5_keyblock*random_key); +krb5_error_code krb5_c_random_make_octets (krb5_context context, krb5_data*data); +krb5_error_code krb5_c_random_seed (krb5_context context, krb5_data*data); +krb5_error_code krb5_c_string_to_key (krb5_context context, krb5_enctype enctype, const krb5_data*string, const krb5_data*salt, krb5_keyblock*key); +krb5_error_code krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean*similar); +krb5_error_code krb5_c_make_checksum (krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*input, krb5_checksum*cksum); +krb5_error_code krb5_c_verify_checksum (krb5_context context, const krb5_keyblock*key, krb5_keyusage usage, const krb5_data*data, const krb5_checksum*cksum, krb5_boolean*valid); +krb5_error_code krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t*length); +krb5_error_code krb5_c_keyed_checksum_types (krb5_context context, krb5_enctype enctype, unsigned int*count, krb5_cksumtype**cksumtypes); +krb5_boolean valid_enctype (const krb5_enctype ktype); +krb5_boolean valid_cksumtype (const krb5_cksumtype ctype); +krb5_boolean is_coll_proof_cksum (const krb5_cksumtype ctype); +krb5_boolean is_keyed_cksum (const krb5_cksumtype ctype); +krb5_error_code krb5_encrypt (krb5_context context, const krb5_pointer inptr, krb5_pointer outptr, const size_t size, krb5_encrypt_block* eblock, krb5_pointer ivec); +krb5_error_code krb5_decrypt (krb5_context context, const krb5_pointer inptr, krb5_pointer outptr, const size_t size, krb5_encrypt_block* eblock, krb5_pointer ivec); +krb5_error_code krb5_process_key (krb5_context context, krb5_encrypt_block* eblock, const krb5_keyblock* key); +krb5_error_code krb5_finish_key (krb5_context context, krb5_encrypt_block* eblock); +krb5_error_code krb5_string_to_key (krb5_context context, const krb5_encrypt_block* eblock, krb5_keyblock* keyblock, const krb5_data* data, const krb5_data* salt); +krb5_error_code krb5_init_random_key (krb5_context context, const krb5_encrypt_block* eblock, const krb5_keyblock* keyblock, krb5_pointer* ptr); +krb5_error_code krb5_finish_random_key (krb5_context context, const krb5_encrypt_block* eblock, krb5_pointer* ptr); +krb5_error_code krb5_random_key (krb5_context context, const krb5_encrypt_block* eblock, krb5_pointer ptr, krb5_keyblock** keyblock); +krb5_enctype krb5_eblock_enctype (krb5_context context, const krb5_encrypt_block* eblock); +krb5_error_code krb5_use_enctype (krb5_context context, krb5_encrypt_block* eblock, const krb5_enctype enctype); +size_t krb5_encrypt_size (const size_t length, krb5_enctype crypto); +size_t krb5_checksum_size (krb5_context context, const krb5_cksumtype ctype); +krb5_error_code krb5_calculate_checksum (krb5_context context, const krb5_cksumtype ctype, const krb5_pointer in, const size_t in_length, const krb5_pointer seed, const size_t seed_length, krb5_checksum* outcksum); +krb5_error_code krb5_verify_checksum (krb5_context context, const krb5_cksumtype ctype, const krb5_checksum* cksum, const krb5_pointer in, const size_t in_length, const krb5_pointer seed, const size_t seed_length); +krb5_error_code krb5_random_confounder (size_t, krb5_pointer); +krb5_error_code krb5_encrypt_data (krb5_context context, krb5_keyblock*key, krb5_pointer ivec, krb5_data*data, krb5_enc_data*enc_data); +krb5_error_code krb5_decrypt_data (krb5_context context, krb5_keyblock*key, krb5_pointer ivec, krb5_enc_data*data, krb5_data*enc_data); +krb5_error_code krb5_rc_default (krb5_context, krb5_rcache*); +krb5_error_code krb5_rc_register_type (krb5_context, krb5_rc_ops*); +krb5_error_code krb5_rc_resolve_type (krb5_context, krb5_rcache*,char*); +krb5_error_code krb5_rc_resolve_full (krb5_context, krb5_rcache*,char*); +char* krb5_rc_get_type (krb5_context, krb5_rcache); +char* krb5_rc_default_type (krb5_context); +char* krb5_rc_default_name (krb5_context); +krb5_error_code krb5_auth_to_rep (krb5_context, krb5_tkt_authent*, krb5_donot_replay*); +krb5_error_code krb5_init_context (krb5_context*); +void krb5_free_context (krb5_context); +krb5_error_code krb5_set_default_in_tkt_ktypes (krb5_context, const krb5_enctype*); +krb5_error_code krb5_get_default_in_tkt_ktypes (krb5_context, krb5_enctype**); +krb5_error_code krb5_set_default_tgs_ktypes (krb5_context, const krb5_enctype*); +krb5_error_code krb5_get_tgs_ktypes (krb5_context, krb5_const_principal, krb5_enctype**); +krb5_error_code krb5_get_permitted_enctypes (krb5_context, krb5_enctype**); +krb5_boolean krb5_is_permitted_enctype (krb5_context, krb5_enctype); +krb5_error_code krb5_kdc_rep_decrypt_proc (krb5_context, const krb5_keyblock*, krb5_const_pointer, krb5_kdc_rep* ); +krb5_error_code krb5_decrypt_tkt_part (krb5_context, const krb5_keyblock*, krb5_ticket* ); +krb5_error_code krb5_get_cred_from_kdc (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds*** ); +krb5_error_code krb5_get_cred_from_kdc_validate (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds***); +krb5_error_code krb5_get_cred_from_kdc_renew (krb5_context, krb5_ccache, krb5_creds*, krb5_creds**, krb5_creds***); +void krb5_free_tgt_creds (krb5_context, krb5_creds**); +krb5_error_code krb5_get_credentials (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**); +krb5_error_code krb5_get_credentials_validate (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**); +krb5_error_code krb5_get_credentials_renew (krb5_context, const krb5_flags, krb5_ccache, krb5_creds*, krb5_creds**); +krb5_error_code krb5_get_cred_via_tkt (krb5_context, krb5_creds*, const krb5_flags, krb5_address* const*, krb5_creds*, krb5_creds**); +krb5_error_code krb5_mk_req (krb5_context, krb5_auth_context*, const krb5_flags, char*, char*, krb5_data*, krb5_ccache, krb5_data*); +krb5_error_code krb5_mk_req_extended (krb5_context, krb5_auth_context*, const krb5_flags, krb5_data*, krb5_creds*, krb5_data*); +krb5_error_code krb5_mk_rep (krb5_context, krb5_auth_context, krb5_data*); +krb5_error_code krb5_rd_rep (krb5_context, krb5_auth_context, const krb5_data*, krb5_ap_rep_enc_part**); +krb5_error_code krb5_mk_error (krb5_context, const krb5_error*, krb5_data*); +krb5_error_code krb5_rd_error (krb5_context, const krb5_data*, krb5_error**); +krb5_error_code krb5_rd_safe (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*); +krb5_error_code krb5_rd_priv (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*); +krb5_error_code krb5_parse_name (krb5_context, const char*, krb5_principal*); +krb5_error_code krb5_unparse_name (krb5_context, krb5_const_principal, char**); +krb5_error_code krb5_unparse_name_ext (krb5_context, krb5_const_principal, char**, int*); +krb5_error_code krb5_set_principal_realm (krb5_context, krb5_principal, const char*); +krb5_boolean krb5_address_search (krb5_context, const krb5_address*, krb5_address* const*); +krb5_boolean krb5_address_compare (krb5_context, const krb5_address*, const krb5_address*); +int krb5_address_order (krb5_context, const krb5_address*, const krb5_address*); +krb5_boolean krb5_realm_compare (krb5_context, krb5_const_principal, krb5_const_principal); +krb5_boolean krb5_principal_compare (krb5_context, krb5_const_principal, krb5_const_principal); +krb5_error_code krb5_copy_keyblock (krb5_context, const krb5_keyblock*, krb5_keyblock**); +krb5_error_code krb5_copy_keyblock_contents (krb5_context, const krb5_keyblock*, krb5_keyblock*); +krb5_error_code krb5_copy_creds (krb5_context, const krb5_creds*, krb5_creds**); +krb5_error_code krb5_copy_data (krb5_context, const krb5_data*, krb5_data**); +krb5_error_code krb5_copy_principal (krb5_context, krb5_const_principal, krb5_principal*); +krb5_error_code krb5_copy_addr (krb5_context, const krb5_address*, krb5_address**); +krb5_error_code krb5_copy_addresses (krb5_context, krb5_address* const*, krb5_address***); +krb5_error_code krb5_copy_ticket (krb5_context, const krb5_ticket*, krb5_ticket**); +krb5_error_code krb5_copy_authdata (krb5_context, krb5_authdata* const*, krb5_authdata***); +krb5_error_code krb5_copy_authenticator (krb5_context, const krb5_authenticator*, krb5_authenticator**); +krb5_error_code krb5_copy_checksum (krb5_context, const krb5_checksum*, krb5_checksum**); +void krb5_init_ets (krb5_context); +void krb5_free_ets (krb5_context); +krb5_error_code krb5_generate_subkey (krb5_context, const krb5_keyblock*, krb5_keyblock**); +krb5_error_code krb5_generate_seq_number (krb5_context, const krb5_keyblock*, krb5_int32*); +krb5_error_code krb5_get_server_rcache (krb5_context, const krb5_data*, krb5_rcache*); +krb5_error_code krb5_build_principal_va (krb5_context, krb5_principal, int, const char*, va_list); +krb5_error_code krb5_425_conv_principal (krb5_context, const char*name, const char*instance, const char*realm, krb5_principal*princ); +krb5_error_code krb5_524_conv_principal (krb5_context context, const krb5_principal princ, char*name, char*inst, char*realm); +krb5_error_code krb5_mk_chpw_req (krb5_context context, krb5_auth_context auth_context, krb5_data*ap_req, char*passwd, krb5_data*packet); +krb5_error_code krb5_rd_chpw_rep (krb5_context context, krb5_auth_context auth_context, krb5_data*packet, int*result_code, krb5_data*result_data); +krb5_error_code krb5_chpw_result_code_string (krb5_context context, int result_code, char**result_codestr); +krb5_error_code krb5_kt_register (krb5_context, krb5_kt_ops*); +krb5_error_code krb5_kt_resolve (krb5_context, const char*, krb5_keytab*); +krb5_error_code krb5_kt_default_name (krb5_context, char*, int); +krb5_error_code krb5_kt_default (krb5_context, krb5_keytab*); +krb5_error_code krb5_kt_free_entry (krb5_context, krb5_keytab_entry*); +krb5_error_code krb5_kt_remove_entry (krb5_context, krb5_keytab, krb5_keytab_entry*); +krb5_error_code krb5_kt_add_entry (krb5_context, krb5_keytab, krb5_keytab_entry*); +krb5_error_code krb5_principal2salt (krb5_context, krb5_const_principal, krb5_data*); +krb5_error_code krb5_principal2salt_norealm (krb5_context, krb5_const_principal, krb5_data*); +krb5_error_code krb5_cc_resolve (krb5_context, const char*, krb5_ccache*); +const char* krb5_cc_default_name (krb5_context); +krb5_error_code krb5_cc_set_default_name (krb5_context, const char*); +krb5_error_code krb5_cc_default (krb5_context, krb5_ccache*); +unsigned int krb5_get_notification_message (void); +krb5_error_code krb5_cc_copy_creds (krb5_context context, krb5_ccache incc, krb5_ccache outcc); +krb5_error_code krb5_check_transited_list (krb5_context, krb5_data*trans, krb5_data*realm1, krb5_data*realm2); +void krb5_free_realm_tree (krb5_context, krb5_principal*); +void krb5_free_principal (krb5_context, krb5_principal); +void krb5_free_authenticator (krb5_context, krb5_authenticator*); +void krb5_free_authenticator_contents (krb5_context, krb5_authenticator*); +void krb5_free_addresses (krb5_context, krb5_address**); +void krb5_free_address (krb5_context, krb5_address*); +void krb5_free_authdata (krb5_context, krb5_authdata**); +void krb5_free_enc_tkt_part (krb5_context, krb5_enc_tkt_part*); +void krb5_free_ticket (krb5_context, krb5_ticket*); +void krb5_free_tickets (krb5_context, krb5_ticket**); +void krb5_free_kdc_req (krb5_context, krb5_kdc_req*); +void krb5_free_kdc_rep (krb5_context, krb5_kdc_rep*); +void krb5_free_last_req (krb5_context, krb5_last_req_entry**); +void krb5_free_enc_kdc_rep_part (krb5_context, krb5_enc_kdc_rep_part*); +void krb5_free_error (krb5_context, krb5_error*); +void krb5_free_ap_req (krb5_context, krb5_ap_req*); +void krb5_free_ap_rep (krb5_context, krb5_ap_rep*); +void krb5_free_safe (krb5_context, krb5_safe*); +void krb5_free_priv (krb5_context, krb5_priv*); +void krb5_free_priv_enc_part (krb5_context, krb5_priv_enc_part*); +void krb5_free_cred (krb5_context, krb5_cred*); +void krb5_free_creds (krb5_context, krb5_creds*); +void krb5_free_cred_contents (krb5_context, krb5_creds*); +void krb5_free_cred_enc_part (krb5_context, krb5_cred_enc_part*); +void krb5_free_checksum (krb5_context, krb5_checksum*); +void krb5_free_checksum_contents (krb5_context, krb5_checksum*); +void krb5_free_keyblock (krb5_context, krb5_keyblock*); +void krb5_free_keyblock_contents (krb5_context, krb5_keyblock*); +void krb5_free_pa_data (krb5_context, krb5_pa_data**); +void krb5_free_ap_rep_enc_part (krb5_context, krb5_ap_rep_enc_part*); +void krb5_free_tkt_authent (krb5_context, krb5_tkt_authent*); +void krb5_free_pwd_data (krb5_context, krb5_pwd_data*); +void krb5_free_pwd_sequences (krb5_context, passwd_phrase_element**); +void krb5_free_data (krb5_context, krb5_data*); +void krb5_free_data_contents (krb5_context, krb5_data*); +void krb5_free_unparsed_name (krb5_context, char*); +void krb5_free_cksumtypes (krb5_context, krb5_cksumtype*); +krb5_error_code krb5_us_timeofday (krb5_context, krb5_int32*, krb5_int32*); +krb5_error_code krb5_timeofday (krb5_context, krb5_int32*); +krb5_error_code krb5_os_localaddr (krb5_context, krb5_address***); +krb5_error_code krb5_get_default_realm (krb5_context, char**); +krb5_error_code krb5_set_default_realm (krb5_context, const char*); +krb5_error_code krb5_sname_to_principal (krb5_context, const char*, const char*, krb5_int32, krb5_principal*); +krb5_error_code krb5_change_password (krb5_context context, krb5_creds*creds, char*newpw, int*result_code, krb5_data*result_code_string, krb5_data*result_string); +krb5_error_code krb5_get_profile (krb5_context, profile_t*); +krb5_error_code krb5_secure_config_files (krb5_context); +krb5_error_code krb5_send_tgs (krb5_context, const krb5_flags, const krb5_ticket_times*, const krb5_enctype*, krb5_const_principal, krb5_address* const*, krb5_authdata* const*, krb5_pa_data* const*, const krb5_data*, krb5_creds*, krb5_response*); +krb5_error_code krb5_get_in_tkt_with_password (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const char*, krb5_ccache, krb5_creds*, krb5_kdc_rep**); +krb5_error_code krb5_get_in_tkt_with_skey (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const krb5_keyblock*, krb5_ccache, krb5_creds*, krb5_kdc_rep**); +krb5_error_code krb5_get_in_tkt_with_keytab (krb5_context, const krb5_flags, krb5_address* const*, krb5_enctype*, krb5_preauthtype*, const krb5_keytab, krb5_ccache, krb5_creds*, krb5_kdc_rep**); +krb5_error_code krb5_decode_kdc_rep (krb5_context, krb5_data*, const krb5_keyblock*, krb5_kdc_rep**); +krb5_error_code krb5_rd_req (krb5_context, krb5_auth_context*, const krb5_data*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**); +krb5_error_code krb5_rd_req_decoded (krb5_context, krb5_auth_context*, const krb5_ap_req*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**); +krb5_error_code krb5_rd_req_decoded_anyflag (krb5_context, krb5_auth_context*, const krb5_ap_req*, krb5_const_principal, krb5_keytab, krb5_flags*, krb5_ticket**); +krb5_error_code krb5_kt_read_service_key (krb5_context, krb5_pointer, krb5_principal, krb5_kvno, krb5_enctype, krb5_keyblock**); +krb5_error_code krb5_mk_safe (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*); +krb5_error_code krb5_mk_priv (krb5_context, krb5_auth_context, const krb5_data*, krb5_data*, krb5_replay_data*); +krb5_error_code krb5_cc_register (krb5_context, krb5_cc_ops*, krb5_boolean); +krb5_error_code krb5_sendauth (krb5_context, krb5_auth_context*, krb5_pointer, char*, krb5_principal, krb5_principal, krb5_flags, krb5_data*, krb5_creds*, krb5_ccache, krb5_error**, krb5_ap_rep_enc_part**, krb5_creds**); +krb5_error_code krb5_recvauth (krb5_context, krb5_auth_context*, krb5_pointer, char*, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket**); +krb5_error_code krb5_walk_realm_tree (krb5_context, const krb5_data*, const krb5_data*, krb5_principal**, int); +krb5_error_code krb5_mk_ncred (krb5_context, krb5_auth_context, krb5_creds**, krb5_data**, krb5_replay_data*); +krb5_error_code krb5_mk_1cred (krb5_context, krb5_auth_context, krb5_creds*, krb5_data**, krb5_replay_data*); +krb5_error_code krb5_rd_cred (krb5_context, krb5_auth_context, krb5_data*, krb5_creds***, krb5_replay_data*); +krb5_error_code krb5_fwd_tgt_creds (krb5_context, krb5_auth_context, char*, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data*); +krb5_error_code krb5_auth_con_init (krb5_context, krb5_auth_context*); +krb5_error_code krb5_auth_con_free (krb5_context, krb5_auth_context); +krb5_error_code krb5_auth_con_setflags (krb5_context, krb5_auth_context, krb5_int32); +krb5_error_code krb5_auth_con_getflags (krb5_context, krb5_auth_context, krb5_int32*); +krb5_error_code krb5_auth_con_setaddrs (krb5_context, krb5_auth_context, krb5_address*, krb5_address*); +krb5_error_code krb5_auth_con_getaddrs (krb5_context, krb5_auth_context, krb5_address**, krb5_address**); +krb5_error_code krb5_auth_con_setports (krb5_context, krb5_auth_context, krb5_address*, krb5_address*); +krb5_error_code krb5_auth_con_setuseruserkey (krb5_context, krb5_auth_context, krb5_keyblock*); +krb5_error_code krb5_auth_con_getkey (krb5_context, krb5_auth_context, krb5_keyblock**); +krb5_error_code krb5_auth_con_getlocalsubkey (krb5_context, krb5_auth_context, krb5_keyblock**); +krb5_error_code krb5_auth_con_set_req_cksumtype (krb5_context, krb5_auth_context, krb5_cksumtype); +krb5_error_code krb5_auth_con_set_safe_cksumtype (krb5_context, krb5_auth_context, krb5_cksumtype); +krb5_error_code krb5_auth_con_getcksumtype (krb5_context, krb5_auth_context, krb5_cksumtype*); +krb5_error_code krb5_auth_con_getlocalseqnumber (krb5_context, krb5_auth_context, krb5_int32*); +krb5_error_code krb5_auth_con_getremoteseqnumber (krb5_context, krb5_auth_context, krb5_int32*); +krb5_error_code krb5_auth_con_initivector (krb5_context, krb5_auth_context); +krb5_error_code krb5_auth_con_setivector (krb5_context, krb5_auth_context, krb5_pointer); +krb5_error_code krb5_auth_con_getivector (krb5_context, krb5_auth_context, krb5_pointer*); +krb5_error_code krb5_auth_con_setrcache (krb5_context, krb5_auth_context, krb5_rcache); +krb5_error_code krb5_auth_con_getrcache (krb5_context, krb5_auth_context, krb5_rcache*); +krb5_error_code krb5_auth_con_getauthenticator (krb5_context, krb5_auth_context, krb5_authenticator**); +krb5_error_code krb5_auth_con_getremotesubkey (krb5_context, krb5_auth_context, krb5_keyblock**); +krb5_error_code krb5_read_password (krb5_context, const char*, const char*, char*, int*); +krb5_error_code krb5_aname_to_localname (krb5_context, krb5_const_principal, const int, char*); +krb5_error_code krb5_get_host_realm (krb5_context, const char*, char***); +krb5_error_code krb5_free_host_realm (krb5_context, char* const*); +krb5_error_code krb5_get_realm_domain (krb5_context, const char*, char**); +krb5_boolean krb5_kuserok (krb5_context, krb5_principal, const char*); +krb5_error_code krb5_auth_con_genaddrs (krb5_context, krb5_auth_context, int, int); +krb5_error_code krb5_gen_portaddr (krb5_context, const krb5_address*, krb5_const_pointer, krb5_address**); +krb5_error_code krb5_make_fulladdr (krb5_context, krb5_address*, krb5_address*, krb5_address*); +krb5_error_code krb5_os_hostaddr (krb5_context, const char*, krb5_address***); +krb5_error_code krb5_set_real_time (krb5_context, krb5_int32, krb5_int32); +krb5_error_code krb5_set_debugging_time (krb5_context, krb5_int32, krb5_int32); +krb5_error_code krb5_use_natural_time (krb5_context); +krb5_error_code krb5_get_time_offsets (krb5_context, krb5_int32*, krb5_int32*); +krb5_error_code krb5_set_time_offsets (krb5_context, krb5_int32, krb5_int32); +krb5_error_code krb5_string_to_enctype (char*, krb5_enctype*); +krb5_error_code krb5_string_to_salttype (char*, krb5_int32*); +krb5_error_code krb5_string_to_cksumtype (char*, krb5_cksumtype*); +krb5_error_code krb5_string_to_timestamp (char*, krb5_timestamp*); +krb5_error_code krb5_string_to_deltat (char*, krb5_deltat*); +krb5_error_code krb5_enctype_to_string (krb5_enctype, char*, size_t); +krb5_error_code krb5_salttype_to_string (krb5_int32, char*, size_t); +krb5_error_code krb5_cksumtype_to_string (krb5_cksumtype, char*, size_t); +krb5_error_code krb5_timestamp_to_string (krb5_timestamp, char*, size_t); +krb5_error_code krb5_timestamp_to_sfstring (krb5_timestamp, char*, size_t, char*); +krb5_error_code krb5_deltat_to_string (krb5_deltat, char*, size_t); +krb5_error_code krb5_prompter_posix (krb5_context context, void*data, const char*name, const char*banner, int num_prompts, krb5_prompt prompts[]); +void krb5_get_init_creds_opt_init (krb5_get_init_creds_opt*opt); +void krb5_get_init_creds_opt_set_tkt_life (krb5_get_init_creds_opt*opt, krb5_deltat tkt_life); +void krb5_get_init_creds_opt_set_renew_life (krb5_get_init_creds_opt*opt, krb5_deltat renew_life); +void krb5_get_init_creds_opt_set_forwardable (krb5_get_init_creds_opt*opt, int forwardable); +void krb5_get_init_creds_opt_set_proxiable (krb5_get_init_creds_opt*opt, int proxiable); +void krb5_get_init_creds_opt_set_etype_list (krb5_get_init_creds_opt*opt, krb5_enctype*etype_list, int etype_list_length); +void krb5_get_init_creds_opt_set_address_list (krb5_get_init_creds_opt*opt, krb5_address**addresses); +void krb5_get_init_creds_opt_set_preauth_list (krb5_get_init_creds_opt*opt, krb5_preauthtype*preauth_list, int preauth_list_length); +void krb5_get_init_creds_opt_set_salt (krb5_get_init_creds_opt*opt, krb5_data*salt); +krb5_error_code krb5_get_init_creds_password (krb5_context context, krb5_creds*creds, krb5_principal client, char*password, krb5_prompter_fct prompter, void*data, krb5_deltat start_time, char*in_tkt_service, krb5_get_init_creds_opt*options); +krb5_error_code krb5_get_init_creds_keytab (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char*in_tkt_service, krb5_get_init_creds_opt*options); +void krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt*options); +void krb5_verify_init_creds_opt_set_ap_req_nofail (krb5_verify_init_creds_opt*options, int ap_req_nofail); +krb5_error_code krb5_verify_init_creds (krb5_context context, krb5_creds*creds, krb5_principal ap_req_server, krb5_keytab ap_req_keytab, krb5_ccache*ccache, krb5_verify_init_creds_opt*options); +krb5_error_code krb5_get_validated_creds (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_ccache ccache, char*in_tkt_service); +krb5_error_code krb5_get_renewed_creds (krb5_context context, krb5_creds*creds, krb5_principal client, krb5_ccache ccache, char*in_tkt_service); +krb5_error_code krb5_realm_iterator_create (krb5_context context, void**iter_p); +krb5_error_code krb5_realm_iterator (krb5_context context, void**iter_p, char**ret_realm); +void krb5_realm_iterator_free (krb5_context context, void**iter_p); +void krb5_free_realm_string (krb5_context context, char*str); diff --git a/src/mac/K5Library.exp b/src/mac/K5Library.exp index f81e27c39..9d7ace976 100644 --- a/src/mac/K5Library.exp +++ b/src/mac/K5Library.exp @@ -206,7 +206,6 @@ #Temporary exports (DO NOT USE) decode_krb5_ticket -# profile_get_values krb5_random_confounder krb5_size_opaque krb5_internalize_opaque @@ -222,9 +221,3 @@ krb5_ser_rcache_init decode_krb5_ap_req krb5_mcc_ops - -#com_err -- we should really have this in a separate lib! -# add_error_table -# remove_error_table - error_message - \ No newline at end of file diff --git a/src/mac/Makefile b/src/mac/Makefile index 9797fe5ad..c91c8d828 100644 --- a/src/mac/Makefile +++ b/src/mac/Makefile @@ -20,16 +20,23 @@ library-kind-final = ############################################################################################################## # Everything -all Ä glue all-debug all-final +all Ä unset-echo glue all-debug all-final # Debugging versions -all-debug Ä ppc-debug 68k-debug headers +all-debug Ä unset-echo ppc-debug 68k-debug headers # Final versions -all-final Ä ppc-final 68k-final headers +all-final Ä unset-echo ppc-final 68k-final headers # Clasic 68K glue -glue Ä glue-gss glue-krb5 +glue Ä unset-echo glue-gss glue-krb5 + +unset-echo Ä + If ({MacdevScriptDebug}) + Set Echo 1 + Else + Unset Echo + End ############################################################################################################## ### More global constants @@ -42,42 +49,49 @@ krb5-library-output-folder = {root-folder}:Kerberos5Lib:Binaries: krb5-globals-library-output-folder = {root-folder}:Kerberos5GlobalsLib:Binaries: krb5-globals-data-library-output-folder = {krb5-globals-library-output-folder} profile-library-output-folder = {root-folder}:KerberosProfileLib:Binaries: +comerr-library-output-folder = {root-folder}:ComErrLib:Binaries: gss-library-name = GSSLib krb5-library-name = Kerberos5Lib krb5-globals-library-name = Krb5GlobalsLib krb5-globals-data-library-name = Krb5GlobalsDataLib profile-library-name = KrbProfileLib +comerr-library-name = ComErrLib gss-library-export = {root-folder}mac:GSSLibrary.exp krb5-library-export = {root-folder}mac:K5Library.exp krb5-globals-library-export = {krb5-globals-root-folder}Krb5Globals.exp krb5-globals-data-library-export = {krb5-globals-root-folder}Krb5GlobalsData.exp profile-library-export = {root-folder}util:profile:profile.exp +comerr-library-export = {root-folder}util:et:et.exp gss-library-fragment-name = "GSSLibrary" krb5-library-fragment-name = "MIT Kerberos¥Kerberos5Lib" krb5-globals-library-fragment-name = "MIT Kerberos¥Kerberos5GlobalsLib" krb5-globals-data-library-fragment-name = "MIT Kerberos¥Kerberos5GlobalsDataLib" profile-library-fragment-name = "MIT Kerberos¥KerberosProfileLib" +comerr-library-fragment-name = "MIT Kerberos¥ComErrLib" gss-library-main = ¶"¶" krb5-library-main = ¶"¶" krb5-globals-library-main = ¶"¶" krb5-globals-data-library-main = ¶"¶" profile-library-main = ¶"¶" +comerr-library-main = ¶"¶" gss-library-init = __initializeGSS krb5-library-init = __initializeK5 krb5-globals-library-init = __initialize_Kerberos5GlobalsLib krb5-globals-data-library-init = __initialize profile-library-init = InitializeProfileLib +comerr-library-init = __initialize gss-library-term = __terminateGSS krb5-library-term = __terminateK5 krb5-globals-library-term = __terminate_Kerberos5GlobalsLib krb5-globals-data-library-term = __terminate profile-library-term = TerminateProfileLib +comerr-library-term = __terminate gss-library-current-version = 1 gss-library-definition-version = 0 @@ -99,14 +113,18 @@ profile-library-current-version = 0 profile-library-definition-version = 0 profile-library-implementation-version = 0 +comerr-library-current-version = 0 +comerr-library-definition-version = 0 +comerr-library-implementation-version = 0 + ############################################################################################################## ### Generation of file lists ############################################################################################################## +list-generation-script-working-folder = "{root-folder}mac:" list-generation-script-folder = "{root-folder}mac:" list-generation-script = "{list-generation-script-folder}macfile_gen.pl" list-generation-script-root = ".." -list-generation-script-prefix = "{root-folder}" all-files-list = {root-folder}"All files.list" all-sources-list = {root-folder}"All sources.list" @@ -132,6 +150,11 @@ profile-objects-68k-debug-list = {root-folder}"Profile objects 68K debug.lis profile-objects-ppc-final-list = {root-folder}"Profile objects PPC final.list" profile-objects-68k-final-list = {root-folder}"Profile objects 68K final.list" +comerr-objects-ppc-debug-list = {root-folder}"ComErr objects PPC debug.list" +comerr-objects-68k-debug-list = {root-folder}"ComErr objects 68K debug.list" +comerr-objects-ppc-final-list = {root-folder}"ComErr objects PPC final.list" +comerr-objects-68k-final-list = {root-folder}"ComErr objects 68K final.list" + all-lists = ¶ {all-files-list} ¶ {all-sources-list} ¶ @@ -150,7 +173,11 @@ all-lists = {profile-objects-ppc-debug-list} ¶ {profile-objects-68k-debug-list} ¶ {profile-objects-ppc-final-list} ¶ - {profile-objects-68k-final-list} + {profile-objects-68k-final-list} ¶ + {comerr-objects-ppc-debug-list} ¶ + {comerr-objects-68k-debug-list} ¶ + {comerr-objects-ppc-final-list} ¶ + {comerr-objects-68k-final-list} file-lists Ä {all-lists} @@ -159,75 +186,91 @@ file-lists # path to root Makefile.in. This is why we run it with -x to specify the root. {all-files-list} Ä {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} all-files {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} all-files {list-generation-script-root} ¶ > {Targ} {all-sources-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} all-sources {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} all-sources {list-generation-script-root} ¶ < {all-files-list} > {Targ} {all-folders-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} all-folders {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} all-folders {list-generation-script-root} ¶ < {all-files-list} > {Targ} {include-folders-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} include-folders {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} include-folders {list-generation-script-root} ¶ < {all-files-list} > {Targ} {gss-sources-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} gss-sources {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-sources {list-generation-script-root} ¶ < {all-files-list} > {Targ} {krb5-sources-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} krb5-sources {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-sources {list-generation-script-root} ¶ < {all-files-list} > {Targ} {gss-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-ppc-debug {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-ppc-debug {list-generation-script-root} ¶ < {all-files-list} > {Targ} {gss-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-68k-debug {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-68k-debug {list-generation-script-root} ¶ < {all-files-list} > {Targ} {gss-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-ppc-final {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-ppc-final {list-generation-script-root} ¶ < {all-files-list} > {Targ} {gss-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} gss-objects-68k-final {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} gss-objects-68k-final {list-generation-script-root} ¶ < {all-files-list} > {Targ} {krb5-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-ppc-debug {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-ppc-debug {list-generation-script-root} ¶ < {all-files-list} > {Targ} {krb5-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-68k-debug {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-68k-debug {list-generation-script-root} ¶ < {all-files-list} > {Targ} {krb5-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-ppc-final {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-ppc-final {list-generation-script-root} ¶ < {all-files-list} > {Targ} {krb5-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} krb5-objects-68k-final {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} krb5-objects-68k-final {list-generation-script-root} ¶ < {all-files-list} > {Targ} {profile-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-ppc-debug {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-ppc-debug {list-generation-script-root} ¶ < {all-files-list} > {Targ} {profile-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-68k-debug {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-68k-debug {list-generation-script-root} ¶ < {all-files-list} > {Targ} {profile-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-ppc-final {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-ppc-final {list-generation-script-root} ¶ < {all-files-list} > {Targ} {profile-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} - perl -x"{list-generation-script-folder}" {list-generation-script} profile-objects-68k-final {list-generation-script-root} {list-generation-script-prefix} ¶ + perl -x"{list-generation-script-working-folder}" {list-generation-script} profile-objects-68k-final {list-generation-script-root} ¶ + < {all-files-list} > {Targ} + +{comerr-objects-ppc-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} + perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-ppc-debug {list-generation-script-root} ¶ + < {all-files-list} > {Targ} + +{comerr-objects-68k-debug-list} Ä {all-files-list} {list-generation-script} {makefile-name} + perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-68k-debug {list-generation-script-root} ¶ + < {all-files-list} > {Targ} + +{comerr-objects-ppc-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} + perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-ppc-final {list-generation-script-root} ¶ + < {all-files-list} > {Targ} + +{comerr-objects-68k-final-list} Ä {all-files-list} {list-generation-script} {makefile-name} + perl -x"{list-generation-script-working-folder}" {list-generation-script} comerr-objects-68k-final {list-generation-script-root} ¶ < {all-files-list} > {Targ} ############################################################################################################## @@ -377,16 +420,27 @@ autogenerated-files = ### krb5-globals-library-term -- name of Krb5 globals library termination routine ### krb5-globals-library-linker-options -- all other Krb5 globals library linker options ### For profile library -### profile-library-output-folder -- destination of Krb5 globals library output -### profile-library-name -- name of the Krb5 globals library -### profile-library-export -- name of gss Krb5 globals library export file -### profile-library-libraries -- list of libraries Krb5 globals library links against -### profile-library-objects -- list of object files Krb5 globals library links -### profile-library-fragment-name -- name of Krb5 globals library fragment -### profile-library-main -- name of Krb5 globals library main entry point -### profile-library-init -- name of Krb5 globals library initialization routine -### profile-library-term -- name of Krb5 globals library termination routine -### profile-library-linker-options -- all other Krb5 globals library linker options +### profile-library-output-folder -- destination of profile library output +### profile-library-name -- name of the profile library +### profile-library-export -- name of gss profile library export file +### profile-library-libraries -- list of libraries profile library links against +### profile-library-objects -- list of object files profile library links +### profile-library-fragment-name -- name of profile library fragment +### profile-library-main -- name of profile library main entry point +### profile-library-init -- name of profile library initialization routine +### profile-library-term -- name of profile library termination routine +### profile-library-linker-options -- all other profile library linker options +### For comerr library +### comerr-library-output-folder -- destination of comerr library output +### comerr-library-name -- name of the comerr library +### comerr-library-export -- name of gss comerr library export file +### comerr-library-libraries -- list of libraries comerr library links against +### comerr-library-objects -- list of object files comerr library links +### comerr-library-fragment-name -- name of comerr library fragment +### comerr-library-main -- name of comerr library main entry point +### comerr-library-init -- name of comerr library initialization routine +### comerr-library-term -- name of comerr library termination routine +### comerr-library-linker-options -- all other comerr library linker options ### General ### library-linker -- linker to use ### autogenerated-files -- list of autogenerated files @@ -458,19 +512,23 @@ object-suffix-68k-data = .68k.o gss-library-libraries-ppc-debug = ¶ {standard-libraries-ppc-debug} ¶ {krb5-library-output-folder}{krb5-library-name}{library-platform-ppc}{library-kind-debug} ¶ - {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} + {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug} gss-library-libraries-68k-debug = ¶ {standard-libraries-68k-debug} ¶ {krb5-library-output-folder}{krb5-library-name}{library-platform-68k}{library-kind-debug} ¶ - {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug} + {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-debug} gss-library-libraries-ppc-final = ¶ {standard-libraries-ppc-final} ¶ {krb5-library-output-folder}{krb5-library-name}{library-platform-ppc}{library-kind-final} ¶ - {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} + {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final} gss-library-libraries-68k-final = ¶ {standard-libraries-68k-final} ¶ {krb5-library-output-folder}{krb5-library-name}{library-platform-68k}{library-kind-final} ¶ - {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final} + {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-final} krb5-library-libraries-ppc-debug = ¶ {standard-libraries-ppc-debug} ¶ @@ -479,6 +537,7 @@ krb5-library-libraries-ppc-debug = {errorlib-ppc-debug} ¶ {krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-ppc}{library-kind-debug} ¶ {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-debug} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug} ¶ ¶"{PPCLibraries}PPCMath64Lib.o¶" ¶ ¶"{SharedLibraries}DriverServicesLib¶" krb5-library-libraries-68k-debug = ¶ @@ -487,7 +546,8 @@ krb5-library-libraries-68k-debug = {socketslib-68k-debug} ¶ {errorlib-68k-debug} ¶ {krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-68k}{library-kind-debug} ¶ - {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug} + {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-debug} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-debug} krb5-library-libraries-ppc-final = ¶ {standard-libraries-ppc-final} ¶ {ccachelib-ppc-final} ¶ @@ -495,6 +555,7 @@ krb5-library-libraries-ppc-final = {errorlib-ppc-final} ¶ {krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-ppc}{library-kind-final} ¶ {profile-library-output-folder}{profile-library-name}{library-platform-ppc}{library-kind-final} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final} ¶ ¶"{PPCLibraries}PPCMath64Lib.o¶" ¶ ¶"{SharedLibraries}DriverServicesLib¶" krb5-library-libraries-68k-final = ¶ @@ -503,7 +564,8 @@ krb5-library-libraries-68k-final = {socketslib-68k-final} ¶ {errorlib-68k-final} ¶ {krb5-globals-library-output-folder}{krb5-globals-library-name}{library-platform-68k}{library-kind-final} ¶ - {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final} + {profile-library-output-folder}{profile-library-name}{library-platform-68k}{library-kind-final} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-final} krb5-globals-library-libraries-ppc-debug = ¶ {standard-libraries-ppc-debug} ¶ @@ -526,12 +588,25 @@ krb5-globals-data-library-libraries-ppc = krb5-globals-data-library-libraries-68k = ¶"{MW68KLibraries}MSL MWCFM68KRuntime.Lib¶" profile-library-libraries-ppc-debug = ¶ - {standard-libraries-ppc-debug} + {standard-libraries-ppc-debug} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-debug} profile-library-libraries-68k-debug = ¶ - {standard-libraries-68k-debug} + {standard-libraries-68k-debug} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-debug} profile-library-libraries-ppc-final = ¶ - {standard-libraries-ppc-final} + {standard-libraries-ppc-final} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-ppc}{library-kind-final} profile-library-libraries-68k-final = ¶ + {standard-libraries-68k-final} ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform-68k}{library-kind-final} + +comerr-library-libraries-ppc-debug = ¶ + {standard-libraries-ppc-debug} +comerr-library-libraries-68k-debug = ¶ + {standard-libraries-68k-debug} +comerr-library-libraries-ppc-final = ¶ + {standard-libraries-ppc-final} +comerr-library-libraries-68k-final = ¶ {standard-libraries-68k-final} ### Construct linker options. @@ -589,15 +664,33 @@ profile-library-linker-options-68k-debug = {common-linker-options-debug} {profil profile-library-linker-options-ppc-final = {common-linker-options-final} {profile-library-common-linker-options} profile-library-linker-options-68k-final = {common-linker-options-final} {profile-library-common-linker-options} -gss-library-objects-ppc-debug = `catenate {gss-objects-ppc-debug-list}` {root-folder}mac:GSS.CFM{object-suffix-ppc-debug} -gss-library-objects-68k-debug = `catenate {gss-objects-68k-debug-list}` {root-folder}mac:GSS.CFM{object-suffix-68k-debug} -gss-library-objects-ppc-final = `catenate {gss-objects-ppc-final-list}` {root-folder}mac:GSS.CFM{object-suffix-ppc-final} -gss-library-objects-68k-final = `catenate {gss-objects-68k-final-list}` {root-folder}mac:GSS.CFM{object-suffix-68k-final} - -krb5-library-objects-ppc-debug = `catenate {krb5-objects-ppc-debug-list}` {root-folder}mac:K5.CFM{object-suffix-ppc-debug} -krb5-library-objects-68k-debug = `catenate {krb5-objects-68k-debug-list}` {root-folder}mac:K5.CFM{object-suffix-68k-debug} -krb5-library-objects-ppc-final = `catenate {krb5-objects-ppc-final-list}` {root-folder}mac:K5.CFM{object-suffix-ppc-final} -krb5-library-objects-68k-final = `catenate {krb5-objects-68k-final-list}` {root-folder}mac:K5.CFM{object-suffix-68k-final} +comerr-library-common-linker-options = ¶ + -cv {comerr-library-current-version} ¶ + -dv {comerr-library-definition-version} ¶ + -uv {comerr-library-implementation-version} + +comerr-library-linker-options-ppc-debug = {common-linker-options-debug} {comerr-library-common-linker-options} +comerr-library-linker-options-68k-debug = {common-linker-options-debug} {comerr-library-common-linker-options} +comerr-library-linker-options-ppc-final = {common-linker-options-final} {comerr-library-common-linker-options} +comerr-library-linker-options-68k-final = {common-linker-options-final} {comerr-library-common-linker-options} + +gss-library-objects-ppc-debug = `catenate {gss-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:GSS.CFM{object-suffix-ppc-debug} +gss-library-objects-68k-debug = `catenate {gss-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:GSS.CFM{object-suffix-68k-debug} +gss-library-objects-ppc-final = `catenate {gss-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:GSS.CFM{object-suffix-ppc-final} +gss-library-objects-68k-final = `catenate {gss-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:GSS.CFM{object-suffix-68k-final} + +krb5-library-objects-ppc-debug = `catenate {krb5-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:K5.CFM{object-suffix-ppc-debug} +krb5-library-objects-68k-debug = `catenate {krb5-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:K5.CFM{object-suffix-68k-debug} +krb5-library-objects-ppc-final = `catenate {krb5-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:K5.CFM{object-suffix-ppc-final} +krb5-library-objects-68k-final = `catenate {krb5-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:K5.CFM{object-suffix-68k-final} krb5-globals-library-objects-ppc-debug = ¶ {krb5-globals-root-folder}Krb5Globals{object-suffix-ppc-debug} ¶ @@ -615,10 +708,19 @@ krb5-globals-library-objects-68k-final = krb5-globals-data-library-objects-ppc = {krb5-globals-root-folder}Krb5GlobalsData{object-suffix-ppc-data} krb5-globals-data-library-objects-68k = {krb5-globals-root-folder}Krb5GlobalsData{object-suffix-68k-data} -profile-library-objects-ppc-debug = `catenate {profile-objects-ppc-debug-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-debug} -profile-library-objects-68k-debug = `catenate {profile-objects-68k-debug-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-68k-debug} -profile-library-objects-ppc-final = `catenate {profile-objects-ppc-final-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-final} -profile-library-objects-68k-final = `catenate {profile-objects-68k-final-list}` {root-folder}mac:ProfileLib.CFM{object-suffix-68k-final} +profile-library-objects-ppc-debug = `catenate {profile-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-debug} +profile-library-objects-68k-debug = `catenate {profile-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:ProfileLib.CFM{object-suffix-68k-debug} +profile-library-objects-ppc-final = `catenate {profile-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:ProfileLib.CFM{object-suffix-ppc-final} +profile-library-objects-68k-final = `catenate {profile-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` ¶ + {root-folder}mac:ProfileLib.CFM{object-suffix-68k-final} + +comerr-library-objects-ppc-debug = `catenate {comerr-objects-ppc-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` +comerr-library-objects-68k-debug = `catenate {comerr-objects-68k-debug-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` +comerr-library-objects-ppc-final = `catenate {comerr-objects-ppc-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` +comerr-library-objects-68k-final = `catenate {comerr-objects-68k-final-list} | StreamEdit -d -set prefix="{root-folder}" -e "/¥:(Å)¨2/ Print prefix¨2"` library-linker-ppc = MWLinkPPC library-linker-68K = MWLink68K @@ -632,7 +734,7 @@ common-compiler-options = -model farData # Don't put the prefix file in these options because they are used to precompile the prefix file -ppc-compiler-options = +ppc-compiler-options = -tb on 68k-compiler-options = -model cfmflat debug-compiler-options = -sym on final-compiler-options = -sym off @@ -642,7 +744,7 @@ mitsupportlib-include-paths = -i {mitsupportlib-root-folder}ErrorLib:Headers: ¶ -i {mitsupportlib-root-folder}UtilitiesLib:Headers: -include-paths = `catenate {include-folders-list}` ¶ +include-paths = `catenate {include-folders-list} | StreamEdit -d -set prefix="{root-folder}mac:" -e "/-i (Å)¨1/ Print '-i 'prefix¨1"` ¶ -i {mitkerberoslib-root-folder}CCacheLib:Headers: ¶ -i {krb5-globals-root-folder} ¶ {mitsupportlib-include-paths} @@ -714,7 +816,14 @@ make-options-common = -d profile-library-fragment-name={profile-library-fragment-name} ¶ -d profile-library-main="{profile-library-main}" ¶ -d profile-library-init="{profile-library-init}" ¶ - -d profile-library-term="{profile-library-term}" + -d profile-library-term="{profile-library-term}" ¶ + -d comerr-library-output-folder="{comerr-library-output-folder}" ¶ + -d comerr-library-name="{comerr-library-name}" ¶ + -d comerr-library-export="{comerr-library-export}" ¶ + -d comerr-library-fragment-name={comerr-library-fragment-name} ¶ + -d comerr-library-main="{comerr-library-main}" ¶ + -d comerr-library-init="{comerr-library-init}" ¶ + -d comerr-library-term="{comerr-library-term}" make-options-ppc-debug = ¶ -d library-linker="{library-linker-ppc}" ¶ @@ -735,6 +844,9 @@ make-options-ppc-debug = -d profile-library-libraries="{profile-library-libraries-ppc-debug}" ¶ -d profile-library-objects="{profile-library-objects-ppc-debug}" ¶ -d profile-library-linker-options="{profile-library-linker-options-ppc-debug}" ¶ + -d comerr-library-libraries="{comerr-library-libraries-ppc-debug}" ¶ + -d comerr-library-objects="{comerr-library-objects-ppc-debug}" ¶ + -d comerr-library-linker-options="{comerr-library-linker-options-ppc-debug}" ¶ -d object-suffix="{object-suffix-ppc-debug}" ¶ -d object-suffix-data="{object-suffix-ppc-data}" ¶ -d compiler-options="{compiler-options-ppc-debug}" ¶ @@ -760,6 +872,9 @@ make-options-68k-debug = -d profile-library-libraries="{profile-library-libraries-68k-debug}" ¶ -d profile-library-objects="{profile-library-objects-68k-debug}" ¶ -d profile-library-linker-options="{profile-library-linker-options-68k-debug}" ¶ + -d comerr-library-libraries="{comerr-library-libraries-68k-debug}" ¶ + -d comerr-library-objects="{comerr-library-objects-68k-debug}" ¶ + -d comerr-library-linker-options="{comerr-library-linker-options-68k-debug}" ¶ -d object-suffix="{object-suffix-68k-debug}" ¶ -d object-suffix-data="{object-suffix-68k-data}" ¶ -d compiler-options="{compiler-options-68k-debug}" ¶ @@ -786,6 +901,9 @@ make-options-ppc-final = -d profile-library-libraries="{profile-library-libraries-ppc-final}" ¶ -d profile-library-objects="{profile-library-objects-ppc-final}" ¶ -d profile-library-linker-options="{profile-library-linker-options-ppc-final}" ¶ + -d comerr-library-libraries="{comerr-library-libraries-ppc-final}" ¶ + -d comerr-library-objects="{comerr-library-objects-ppc-final}" ¶ + -d comerr-library-linker-options="{comerr-library-linker-options-ppc-final}" ¶ -d object-suffix="{object-suffix-ppc-final}" ¶ -d object-suffix-data="{object-suffix-ppc-data}" ¶ -d compiler-options="{compiler-options-ppc-final}" ¶ @@ -811,6 +929,9 @@ make-options-68k-final = -d profile-library-libraries="{profile-library-libraries-68k-final}" ¶ -d profile-library-objects="{profile-library-objects-68k-final}" ¶ -d profile-library-linker-options="{profile-library-linker-options-68k-final}" ¶ + -d comerr-library-libraries="{comerr-library-libraries-68k-final}" ¶ + -d comerr-library-objects="{comerr-library-objects-68k-final}" ¶ + -d comerr-library-linker-options="{comerr-library-linker-options-68k-final}" ¶ -d object-suffix="{object-suffix-68k-final}" ¶ -d object-suffix-data="{object-suffix-68k-data}" ¶ -d compiler-options="{compiler-options-68k-final}" ¶ @@ -821,22 +942,22 @@ make-output = "{TempFolder}GSS/Kerberos Makefile script" submakefile-target = gss-library ppc-debug Ä {makefile-name} {gss-objects-ppc-debug-list} {krb5-objects-ppc-debug-list} ¶ - {profile-objects-ppc-debug-list} {include-folders-list} + {profile-objects-ppc-debug-list} {comerr-objects-ppc-debug-list} {include-folders-list} Make {make-options-common} {make-options-ppc-debug} {submakefile-target} > {make-output} {make-output} 68k-debug Ä {makefile-name} {gss-objects-68k-debug-list} {krb5-objects-68k-debug-list} ¶ - {profile-objects-68k-debug-list} {include-folders-list} + {profile-objects-68k-debug-list} {comerr-objects-68k-debug-list} {include-folders-list} Make {make-options-common} {make-options-68k-debug} {submakefile-target} > {make-output} {make-output} ppc-final Ä {makefile-name} {gss-objects-ppc-final-list} {krb5-objects-ppc-final-list} ¶ - {profile-objects-ppc-final-list} {include-folders-list} + {profile-objects-ppc-final-list} {comerr-objects-ppc-final-list} {include-folders-list} Make {make-options-common} {make-options-ppc-final} {submakefile-target} > {make-output} {make-output} 68k-final Ä {makefile-name} {gss-objects-68k-final-list} {krb5-objects-68k-final-list} ¶ - {profile-objects-68k-final-list} {include-folders-list} + {profile-objects-68k-final-list} {comerr-objects-68k-final-list} {include-folders-list} Make {make-options-common} {make-options-68k-final} {submakefile-target} > {make-output} {make-output} @@ -900,6 +1021,17 @@ ppc-final ### profile-library-init -- name of profile library initialization routine ### profile-library-term -- name of profile library termination routine ### profile-library-linker-options -- all other profile library linker options +### For comerr library +### comerr-library-output-folder -- destination of comerr library output +### comerr-library-name -- name of the comerr library +### comerr-library-export -- name of comerr library export file +### comerr-library-libraries -- list of libraries comerr library links against +### comerr-library-objects -- list of object files comerr library links +### comerr-library-fragment-name -- name of comerr library fragment +### comerr-library-main -- name of comerr library main entry point +### comerr-library-init -- name of comerr library initialization routine +### comerr-library-term -- name of comerr library termination routine +### comerr-library-linker-options -- all other comerr library linker options ### General ### library-linker -- linker to use ### autogenerated-files -- list of autogenerated files @@ -933,6 +1065,9 @@ object-suffix-data = .ignore.me.too profile-library-libraries = profile-library-objects = profile-library-linker-options = +comerr-library-libraries = +comerr-library-objects = +comerr-library-linker-options = ### Generate various major components of build commands from the above variables gss-library-output-files = ¶ @@ -1015,6 +1150,22 @@ profile-library-build-command = {profile-library-linker-options} ¶ {profile-library-objects} {profile-library-libraries} +comerr-library-output-files = ¶ + {comerr-library-output-folder}{comerr-library-name}{library-platform}{library-kind} +comerr-library-dependencies = ¶ + {autogenerated-files} {comerr-library-export} {comerr-library-libraries} {comerr-library-objects} +comerr-library-build-command = ¶ + {library-linker} ¶ + -name "{comerr-library-fragment-name}{library-kind}" ¶ + -main {comerr-library-main} ¶ + -init {comerr-library-init} ¶ + -term {comerr-library-term} ¶ + -@export {comerr-library-export} ¶ + -map {comerr-library-output-folder}{comerr-library-name}{library-platform}{library-kind}.MAP ¶ + -o {comerr-library-output-folder}{comerr-library-name}{library-platform}{library-kind} ¶ + {comerr-library-linker-options} ¶ + {comerr-library-objects} {comerr-library-libraries} + ### Build commands gss-library Ä {gss-library-output-files} @@ -1022,6 +1173,7 @@ krb5-library krb5-globals-library Ä {krb5-globals-library-output-files} krb5-globals-data-library Ä {krb5-globals-data-library-output-files} profile-library Ä {profile-library-output-files} +comerr-library Ä {comerr-library-output-files} {gss-library-output-files} ÄÄ {gss-library-dependencies} {makefile-name} {create-folder} {gss-library-output-folder} @@ -1043,14 +1195,20 @@ profile-library {create-folder} {profile-library-output-folder} {profile-library-build-command} +{comerr-library-output-files} ÄÄ {comerr-library-dependencies} {makefile-name} + {create-folder} {comerr-library-output-folder} + {comerr-library-build-command} + ############################################################################################################## ### Default compilation rules ############################################################################################################## {object-suffix} Ä .c {autogenerated-files} {makefile-name} {precompiled-headers} + echo {DepDir}{Default}.c {compiler} {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix} {compiler-options} {object-suffix-data} Ä .c {autogenerated-files} {makefile-name} {precompiled-headers} + echo {DepDir}{Default}.c {compiler} {DepDir}{Default}.c -o {DepDir}{Default}{object-suffix-data} {compiler-options} ############################################################################################################## @@ -1060,18 +1218,26 @@ profile-library classic-glue-generation-script = {root-folder}mac:CFMGlue.pl gss-library-glue-output-folder = {root-folder}:GSSLib:ClassicGlue: krb5-library-glue-output-folder = {root-folder}:Kerberos5Lib:ClassicGlue: +profile-library-glue-output-folder = {root-folder}:KerberosProfileLib:ClassicGlue: +comerr-library-glue-output-folder = {root-folder}:ComErrLib:ClassicGlue: gss-library-glue-output = {gss-library-glue-output-folder}GSSLib.glue.c krb5-library-glue-output = {krb5-library-glue-output-folder}Kerberos5Lib.glue.c +profile-library-glue-output = {profile-library-glue-output-folder}KrbProfileLib.glue.c +comerr-library-glue-output = {comerr-library-glue-output-folder}ComErrLib.glue.c classic-glue-output = ¶ {gss-library-glue-output} ¶ - {krb5-library-glue-output} + {krb5-library-glue-output} ¶ + {profile-library-glue-output} ¶ + {comerr-library-glue-output} glue Ä {classic-glue-output} glue-gss Ä {gss-library-glue-output} glue-krb5 Ä {krb5-library-glue-output} +glue-profile Ä {profile-library-glue-output} +glue-comerr Ä {comerr-library-glue-output} {krb5-library-glue-output} Ä {root-folder}mac:K5.CFMglue.cin {root-folder}mac:K5.CFMglue.proto.h ¶ {root-folder}mac:CFMglue.c {root-folder}mac:K5.moreCFMglue.cin {classic-glue-generation-script} @@ -1087,6 +1253,20 @@ glue-krb5 Catenate {root-folder}mac:GSS.CFMglue.cin {root-folder}mac:CFMglue.c {root-folder}mac:GSS.CFMglue.c ¶ {root-folder}mac:GSS.moreCFMglue.cin | Catenate > {gss-library-glue-output} +{profile-library-glue-output} Ä {root-folder}mac:KrbProfileLib.glue.pre.cin {root-folder}mac:KrbProfileLib.glue.proto.h ¶ + {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.glue.post.cin {classic-glue-generation-script} + {create-folder} {profile-library-glue-output-folder} + perl {classic-glue-generation-script} < {root-folder}mac:KrbProfileLib.glue.proto.h > {root-folder}mac:KrbProfileLib.CFMglue.c + Catenate {root-folder}mac:KrbProfileLib.glue.pre.cin {root-folder}mac:CFMglue.c {root-folder}mac:KrbProfileLib.CFMglue.c ¶ + {root-folder}mac:KrbProfileLib.glue.post.cin | Catenate > {profile-library-glue-output} + +{comerr-library-glue-output} Ä {root-folder}mac:ComErrLib.glue.pre.cin {root-folder}mac:ComErrLib.glue.proto.h ¶ + {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.glue.post.cin {classic-glue-generation-script} + {create-folder} {comerr-library-glue-output-folder} + perl {classic-glue-generation-script} < {root-folder}mac:ComErrLib.glue.proto.h > {root-folder}mac:ComErrLib.CFMglue.c + Catenate {root-folder}mac:ComErrLib.glue.pre.cin {root-folder}mac:CFMglue.c {root-folder}mac:ComErrLib.CFMglue.c ¶ + {root-folder}mac:ComErrLib.glue.post.cin | Catenate > {comerr-library-glue-output} + ############################################################################################################## ### Clean target deletes all generated files ############################################################################################################## @@ -1193,3 +1373,45 @@ headers End Duplicate -y "{root-folder}util:profile:profile.h" "{Targ}" SetFile -a l "{Targ}" + +############################################################################################################## +### Copying documentation around +############################################################################################################## + +gss-documentation-output-folder = {root-folder}:GSSLib:Documentation: +krb5-documentation-output-folder = {root-folder}:Kerberos5Lib:Documentation: +krb5-globals-documentation-output-folder = {root-folder}:Kerberos5GlobalsLib:Documentation: +profile-documentation-output-folder = {root-folder}:KerberosProfileLib:Documentation: + +gss-documentation-output = "" + +krb5-documentation-output = ¶ + "{krb5-documentation-output-folder}krb5api.pdf" + +krb5-globals-documentation-output = ¶ + "{krb5-globals-documentation-output-folder}Kerberos5Globals.html" + +profile-documentation-output = "" + +documentation-output = {gss-documentation-output} {krb5-documentation-output} ¶ + {krb5-globals-documentation-output} {profile-documentation-output} + +documentation Ä {documentation-output} + +"{krb5-documentation-output-folder}krb5api.pdf" Ä {makefile-name} + "{create-folder}" "{TargDir}" + If (`Exists "{Targ}" | Count -l`) + SetFile -a l "{Targ}" + End + If (`Exists "{root-folder}:::Documentation:pdf:krb5api.pdf"`) + Duplicate -y "{root-folder}:::Documentation:pdf:krb5api.pdf" "{Targ}" + End + SetFile -a l "{Targ}" + +"{krb5-globals-documentation-output-folder}Kerberos5Globals.html" Ä "{root-folder}mac:libraries:Kerberos v5 Globals:Krb5Globals.html" {makefile-name} + "{create-folder}" "{TargDir}" + If (`Exists "{Targ}" | Count -l`) + SetFile -a l "{Targ}" + End + Duplicate -y "{root-folder}mac:libraries:Kerberos v5 Globals:Krb5Globals.html" "{Targ}" + SetFile -a l "{Targ}" diff --git a/src/mac/Release notes b/src/mac/Release notes index 3aeaf2bb8..f2a48a63b 100644 --- a/src/mac/Release notes +++ b/src/mac/Release notes @@ -110,6 +110,8 @@ Changes in 1.1a3: separated profile lib fixed krb5 library CFM version numbers fixed makefile and perl scripts to build form arbitrary root + +--- version upped to 2.5a1 --- 2.5a1 - Monday, July 26, 1999 1:00:00 PM changed profile lib to use FSSpecs @@ -118,4 +120,15 @@ Changes in 1.1a3: removed "MIT Kerberos¥GSSLib" alias removed "K5Library alias" removed com_err exports from krb5 lib - fixed win-mac.h redefinition of size_t \ No newline at end of file + fixed win-mac.h redefinition of size_t + +2.5a2 - Friday, August 6, 1999 1:40:00 PM + fixed huge profile memory leak + fixed memory leak in krb5_stdcc_destroy + added traceback tables to PPC versions + +2.5b1 + from tag Mac_GSSKerberos5_2_5b1 + separated com_err lib + now tracking krb5-1-1 branch + added CCache cleanup to CFM termination procs \ No newline at end of file diff --git a/src/mac/macfile_gen.pl b/src/mac/macfile_gen.pl index 6bddb2387..00d53657a 100644 --- a/src/mac/macfile_gen.pl +++ b/src/mac/macfile_gen.pl @@ -8,6 +8,7 @@ # gss-sources -- complete list of mac GSS sources, relative to root # krb5-sources -- complete list of mac Krb5 sources, relative to root # profile-sources -- complete list of mac profile sources, relative to root +# comerr-sources -- complete list of mac com_err sources, relative to root # gss-objects-ppc-debug -- complete list of mac GSS PPC debug objects, relative to root # gss-objects-68k-debug -- complete list of mac GSS 68K debug objects, relative to root # gss-objects-ppc-final -- complete list of mac GSS PPC final objects, relative to root @@ -20,13 +21,17 @@ # profile-objects-68k-debug -- complete list of mac profile v5 68K debug objects, relative to root # profile-objects-ppc-final -- complete list of mac profile v5 PPC final objects, relative to root # profile-objects-68k-final -- complete list of mac profile v5 68K final objects, relative to root +# comerr-objects-ppc-debug -- complete list of mac com_err PPC debug objects, relative to root +# comerr-objects-68k-debug -- complete list of mac com_err v5 68K debug objects, relative to root +# comerr-objects-ppc-final -- complete list of mac com_err v5 PPC final objects, relative to root +# comerr-objects-68k-final -- complete list of mac com_err v5 68K final objects, relative to root # include-folders -- complete list of include paths, relative to root # # input on stdin # output on stdout # Check number of arguments -if (scalar @ARGV != 3) { +if (scalar @ARGV != 2) { print (STDERR "Got " . scalar @ARGV . " arguments, expected 2"); &usage; exit; @@ -35,7 +40,7 @@ if (scalar @ARGV != 3) { # Parse arguments $action = $ARGV [0]; $ROOT = $ARGV [1]; -$prefix = $ARGV [2]; +#$prefix = $ARGV [2]; # Read source list if ($action ne "all-files") { @@ -46,9 +51,9 @@ if ($action ne "all-files") { } else { @sourceList = &make_macfile_maclist (&make_macfile_list ()); - foreach (@sourceList) { - $_ =~ s/^:/$prefix/; - } +# foreach (@sourceList) { +# $_ =~ s/^:/$prefix/; +# } # @sourceList = map { $prefix . $_;} @sourceList; } @@ -92,6 +97,12 @@ if ($action eq "all-folders") { @outputList = grep (/:profile:/, @sourceList); print (STDERR "Done. \n"); +} elsif ($action eq "comerr-sources") { + + print (STDERR "# Building profile source listÉ "); + @outputList = grep (/:et:/, @sourceList); + print (STDERR "Done. \n"); + } elsif ($action eq "gss-objects-ppc-debug") { print (STDERR "# Building GSS PPC debug object listÉ "); @@ -152,28 +163,56 @@ if ($action eq "all-folders") { print (STDERR "# Building profile PPC debug object listÉ "); @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList); - @outputList = grep (/:profile:|:et:/, @outputList); + @outputList = grep (/:profile:/, @outputList); print (STDERR "Done. \n"); } elsif ($action eq "profile-objects-68k-debug") { print (STDERR "# Building profile 68K debug object listÉ "); @outputList = grep (s/\.c$/\.68kd.o/, @sourceList); - @outputList = grep (/:profile:|:et:/, @outputList); + @outputList = grep (/:profile:/, @outputList); print (STDERR "Done. \n"); } elsif ($action eq "profile-objects-ppc-final") { print (STDERR "# Building profile PPC final object listÉ "); @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList); - @outputList = grep (/:profile:|:et:/, @outputList); + @outputList = grep (/:profile:/, @outputList); print (STDERR "Done. \n"); } elsif ($action eq "profile-objects-68k-final") { print (STDERR "# Building profile 68K final object listÉ "); @outputList = grep (s/\.c$/\.68kf.o/, @sourceList); - @outputList = grep (/:profile:|:et:/, @outputList); + @outputList = grep (/:profile:/, @outputList); + print (STDERR "Done. \n"); + +} elsif ($action eq "comerr-objects-ppc-debug") { + + print (STDERR "# Building com_err PPC debug object listÉ "); + @outputList = grep (s/\.c$/\.ppcd.o/, @sourceList); + @outputList = grep (/:et:/, @outputList); + print (STDERR "Done. \n"); + +} elsif ($action eq "comerr-objects-68k-debug") { + + print (STDERR "# Building com_err 68K debug object listÉ "); + @outputList = grep (s/\.c$/\.68kd.o/, @sourceList); + @outputList = grep (/:et:/, @outputList); + print (STDERR "Done. \n"); + +} elsif ($action eq "comerr-objects-ppc-final") { + + print (STDERR "# Building com_err PPC final object listÉ "); + @outputList = grep (s/\.c$/\.ppcf.o/, @sourceList); + @outputList = grep (/:et:/, @outputList); + print (STDERR "Done. \n"); + +} elsif ($action eq "comerr-objects-68k-final") { + + print (STDERR "# Building com_err 68K final object listÉ "); + @outputList = grep (s/\.c$/\.68kf.o/, @sourceList); + @outputList = grep (/:et:/, @outputList); print (STDERR "Done. \n"); } elsif ($action eq "include-folders") { diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog index f464d3ee2..4cecec791 100644 --- a/src/tests/dejagnu/config/ChangeLog +++ b/src/tests/dejagnu/config/ChangeLog @@ -1,3 +1,28 @@ +1999-08-31 Ken Raeburn + + * default.exp (setup_kerberos_files): Set kdc_supported_enctypes + in kdc.conf, and include des3-cbc-sha1:normal. + (setup_kerberos_db): If setting up krbtgt to use des3, now use + only des3, not des3 and des-crc both. + +1999-08-30 Ken Raeburn + + * default.exp (des3_krbtgt): New variable. + (setup_kerberos_files): Remove des3 from supported_enctypes in + kdc.conf. + (setup_kerberos_db): If des3_krbtgt is set, change krbtgt key, and + get a des3 key in addition to des. + +1999-08-27 Ken Raeburn + + * default.exp: Set default principal expiration a bit further into + the future. + +1999-08-26 Tom Yu + + * default.exp (setup_kerberos_files): Tweak enctypes entered into + config files to exercise 3DES a little. + Fri Jan 30 23:48:57 1998 Tom Yu * default.exp: Add kpasswd_server to krb5.conf. diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index c5b626192..6b53e3522 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -15,6 +15,8 @@ set timeout 100 set stty_init {erase \^h kill \^u} set env(TERM) dumb +set des3_krbtgt 1 + # We do everything in a temporary directory. if ![file isdirectory tmpdir] {catch "exec mkdir tmpdir" status} @@ -309,7 +311,7 @@ proc setup_kerberos_files { } { set conffile [open tmpdir/krb5.conf w] puts $conffile "\[libdefaults\]" puts $conffile " default_realm = $REALMNAME" - puts $conffile "default_tgs_enctypes = des3-cbc-md5 des-cbc-md5 des-cbc-crc" + puts $conffile "default_tgs_enctypes = des-cbc-md5 des-cbc-crc" puts $conffile "" puts $conffile "\[realms\]" puts $conffile " $REALMNAME = \{" @@ -350,9 +352,11 @@ proc setup_kerberos_files { } { puts $conffile " max_renewable_life = 3:00:00" puts $conffile " master_key_type = des-cbc-md5" puts $conffile " master_key_name = master/key" - puts $conffile " supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm" +# des3-cbc-sha1:normal + puts $conffile " supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm" + puts $conffile " kdc_supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm" puts $conffile " kdc_ports = 3088" - puts $conffile " default_principal_expiration = 99.12.31.23.59.59" + puts $conffile " default_principal_expiration = 2037.12.31.23.59.59" puts $conffile " default_principal_flags = -postdateable forwardable" puts $conffile " \}" puts $conffile "" @@ -579,6 +583,7 @@ proc setup_kerberos_db { standalone } { global KEY global tmppwd global spawn_id + global des3_krbtgt if {!$standalone && [file exists tmpdir/db.ok]} { return 1 @@ -730,6 +735,46 @@ proc setup_kerberos_db { standalone } { return 0 } + if $des3_krbtgt { + # Set the TGT key to DES3. + spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal + expect_after { + timeout { + catch "expect_after" + fail "kadmin.local (timeout)" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok tmpdir/adb.db" + } + return 0 + } + eof { + catch "expect_after" + fail "kadmin.local (eof)" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok tmpdir/adb.db" + } + return 0 + } + } + expect "kadmin.local: " + send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" + # It echos... + expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" + expect { + "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { } + } + expect "kadmin.local: " + send "quit\r" + expect "\r" + expect_after + if ![check_exit_status kadmin_local] { + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok tmpdir/adb.db" + } + return 0 + } + } + if ![setup_kadmind_srvtab] { return 0 } diff --git a/src/util/ChangeLog b/src/util/ChangeLog index c72703068..2682795da 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,7 @@ +1999-08-16 Tom Yu + + * mkrel (reldate): Fix to deal with release branch snapshots. + Wed May 19 11:43:36 1999 Danilo Almeida * Makefile.in: Add all and cleanup rules for windows for windows, diff --git a/src/util/db2/ChangeLog b/src/util/db2/ChangeLog index f7617d5f6..7972728d6 100644 --- a/src/util/db2/ChangeLog +++ b/src/util/db2/ChangeLog @@ -1,3 +1,13 @@ +1999-08-15 Tom Yu + + * README.NOT.SLEEPYCAT.DB: New file; pointer to README to + hopefully unconfuse people. + + * README: Add notice to the effect that this is not Berkeley or + Sleepycat DB. + + * README.db2: Renamed from README. + Fri Feb 13 14:37:47 1998 Tom Yu * recno/extern.h: Additional renaming. diff --git a/src/util/db2/README b/src/util/db2/README index 5700b7393..70118bef5 100644 --- a/src/util/db2/README +++ b/src/util/db2/README @@ -1,41 +1,17 @@ -# @(#)README 8.28 (Berkeley) 11/2/95 - -This is version 2.0-ALPHA of the Berkeley DB code. -THIS IS A PRELIMINARY RELEASE. - -For information on compiling and installing this software, see the file -PORT/README. - -Newer versions of this software will periodically be made available by -anonymous ftp from ftp.cs.berkeley.edu:ucb/4bsd/db.tar.{Z,gz} and from -ftp.harvard.edu:margo/db.tar.{Z,gz}. If you want to receive announcements -of future releases of this software, send email to the contact address -below. - -Email questions may be addressed to dbinfo@eecs.harvard.edu. - -============================================ -Distribution contents: - -README This file. -CHANGELOG List of changes, per version. -btree B+tree access method. -db The db_open interface routine. -docs Various USENIX papers, and the formatted manual pages. -hash Extended linear hashing access method. -lock Lock manager. -log Log manager. -man The unformatted manual pages. -mpool The buffer manager support. -mutex Mutex support. -recno The fixed/variable length record access method. -test Test package. -txn Transaction support. - -============================================ -Debugging: - -If you're running a memory checker (e.g. Purify) on DB, make sure that -you recompile it with "-DPURIFY" in the CFLAGS, first. By default, -allocated pages are not initialized by the DB code, and they will show -up as reads of uninitialized memory in the buffer write routines. + IMPORTANT NOTICE: + +This directory contains code of somewhat unknown origin that is +INCOMPATIBLE with both Berkeley DB 1.85 and Sleepycat DB 2.x. Do NOT +contact Sleepycat regarding bugs in code found here; they do not +appreciate it. All bug reports about this code should go to the MIT +Kerberos team via krb5-send-pr or email to krb5-bugs@mit.edu, as +usual. + +It is believed that this "db" code originated from Berkeley DB 1.85 +and was further modified by Cygnus and the MIT Kerberos team. Some +significant changes to the hash code occured at some point. + +The file README.db2 contains the README file provided with the +2.0-alpha release of Berkeley/Sleepycat DB, which may contain +marginally useful information. It is not known at this time how well +this code matches that of the 2.0-alpha release. diff --git a/src/util/db2/README.NOT.SLEEPYCAT.DB b/src/util/db2/README.NOT.SLEEPYCAT.DB new file mode 100644 index 000000000..112454e94 --- /dev/null +++ b/src/util/db2/README.NOT.SLEEPYCAT.DB @@ -0,0 +1,2 @@ +THIS IS NOT THE SLEEPYCAT DB. +Please see the README file for more information. diff --git a/src/util/db2/README.db2 b/src/util/db2/README.db2 new file mode 100644 index 000000000..5700b7393 --- /dev/null +++ b/src/util/db2/README.db2 @@ -0,0 +1,41 @@ +# @(#)README 8.28 (Berkeley) 11/2/95 + +This is version 2.0-ALPHA of the Berkeley DB code. +THIS IS A PRELIMINARY RELEASE. + +For information on compiling and installing this software, see the file +PORT/README. + +Newer versions of this software will periodically be made available by +anonymous ftp from ftp.cs.berkeley.edu:ucb/4bsd/db.tar.{Z,gz} and from +ftp.harvard.edu:margo/db.tar.{Z,gz}. If you want to receive announcements +of future releases of this software, send email to the contact address +below. + +Email questions may be addressed to dbinfo@eecs.harvard.edu. + +============================================ +Distribution contents: + +README This file. +CHANGELOG List of changes, per version. +btree B+tree access method. +db The db_open interface routine. +docs Various USENIX papers, and the formatted manual pages. +hash Extended linear hashing access method. +lock Lock manager. +log Log manager. +man The unformatted manual pages. +mpool The buffer manager support. +mutex Mutex support. +recno The fixed/variable length record access method. +test Test package. +txn Transaction support. + +============================================ +Debugging: + +If you're running a memory checker (e.g. Purify) on DB, make sure that +you recompile it with "-DPURIFY" in the CFLAGS, first. By default, +allocated pages are not initialized by the DB code, and they will show +up as reads of uninitialized memory in the buffer write routines. diff --git a/src/util/et/ChangeLog b/src/util/et/ChangeLog index f5707d3e9..9d99e8abf 100644 --- a/src/util/et/ChangeLog +++ b/src/util/et/ChangeLog @@ -1,3 +1,7 @@ +1999-08-18 Miro Jurisic + + * et.exp: Added et.exp, MacOS export file for com_err library + 1999-06-15 Danilo Almeida * texinfo.tex: Get rid of control characters in text file. diff --git a/src/util/et/et.exp b/src/util/et/et.exp new file mode 100644 index 000000000..00e15a2df --- /dev/null +++ b/src/util/et/et.exp @@ -0,0 +1,8 @@ +# +# comerr library Macintosh export file +# +# $Header$ + +error_message +add_error_table +remove_error_table diff --git a/src/util/mkrel b/src/util/mkrel index ae7a1ed37..e534a478f 100644 --- a/src/util/mkrel +++ b/src/util/mkrel @@ -54,6 +54,19 @@ krb5-*.*.*) relminor=`echo $release|awk -F. '{print $2}'` relpatch=`echo $release|awk -F. '{print $3}'` ;; +krb5-*.*-current) + release=`echo $reldir|sed -e 's/krb5-//'` + relhead=`echo $release|sed -e 's/-.*//'` + relmajor=`echo $relhead|awk -F. '{print $1}'` + relminor=`echo $relhead|awk -F. '{print $2}'` + release=${relhead}-$reldate + ;; +krb5-*.*-*) + release=`echo $reldir|sed -e 's/krb5-//'` + relhead=`echo $release|sed -e 's/-.*//'` + relmajor=`echo $relhead|awk -F. '{print $1}'` + relminor=`echo $relhead|awk -F. '{print $2}'` + ;; krb5-*.*) release=`echo $reldir|sed -e 's/krb5-//'` relmajor=`echo $release|awk -F. '{print $1}'` @@ -62,9 +75,18 @@ krb5-*.*) krb5-current) release=current-$reldate ;; -*);; +*) + release="$reldir" + ;; esac +echo "release=$release" +echo "major=$relmajor minor=$relminor patch=$relpatch" + +# $release is used for send-pr +# $reltag, $release, $reldate are used for brand.c currently +# $relmajor, $relminor, $relpatch are used for patchlevel.h currently + if test $checkout = t; then echo "Checking out krb5 with tag $reltag into directory $reldir..." cvs -q -d $repository export -r$reltag -d $reldir krb5 diff --git a/src/util/profile/ChangeLog b/src/util/profile/ChangeLog index 6bf48732b..bf16b30fb 100644 --- a/src/util/profile/ChangeLog +++ b/src/util/profile/ChangeLog @@ -1,3 +1,23 @@ +1999-09-01 Danilo Almeida + + * profile.hin (profile_init, profile_init_path): Define and use + const_profile_filespec_t. + + * prof_init.c (profile_init, profile_init_path): + * prof_file.c (profile_open_file): + * prof_int.h (profile_open_file): Use const_profile_filespec_t. + + * prof_int.h (PROFILE_LAST_FILESPEC): Compare a char against a char, + not a void*. + + * Makefile.in: Remove DOSDEFS to avoid warnings. The thing it + defined is already set in win-mac.h. + +1999-08-18 Miro Jurisic + + * profile.exp: removed com_err functions (they are in a library + of their own now) from MacOS export file + 1999-08-05 Danilo Almeida * prof_get.c (profile_free_string): diff --git a/src/util/profile/Makefile.in b/src/util/profile/Makefile.in index 4d15050a3..526684ccc 100644 --- a/src/util/profile/Makefile.in +++ b/src/util/profile/Makefile.in @@ -7,9 +7,8 @@ PROG_RPATH=$(KRB5_LIBDIR) ##DOS##BUILDTOP = ..\.. ##DOS##OBJFILE=$(OUTPRE)profile.lst ##DOS##LIBNAME=$(OUTPRE)profile.lib -##DOS##DOSDEFS=-DHAVE_STDLIB_H -CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) $(DOSDEFS) +CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) LOCALINCLUDE=-I. -I$(srcdir)/../et diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index 53f4ab706..77c4f551e 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -67,7 +67,7 @@ static int rw_access(filespec) } errcode_t profile_open_file(filespec, ret_prof) - profile_filespec_t filespec; + const_profile_filespec_t filespec; prf_file_t *ret_prof; { prf_file_t prf; diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c index 5668d98f3..7f35e4421 100644 --- a/src/util/profile/prof_init.c +++ b/src/util/profile/prof_init.c @@ -25,16 +25,16 @@ error(do not have a 4-byte integer type) KRB5_DLLIMP errcode_t KRB5_CALLCONV profile_init(files, ret_profile) - profile_filespec_t *files; + const_profile_filespec_t *files; profile_t *ret_profile; { - profile_filespec_t *fs; + const_profile_filespec_t *fs; profile_t profile; prf_file_t new_file, last = 0; errcode_t retval = 0; initialize_prof_error_table(); - + profile = malloc(sizeof(struct _profile_t)); if (!profile) return ENOMEM; @@ -79,7 +79,7 @@ profile_init(files, ret_profile) */ KRB5_DLLIMP errcode_t KRB5_CALLCONV profile_init_path(filepath, ret_profile) - profile_filespec_list_t filepath; + const_profile_filespec_list_t filepath; profile_t *ret_profile; { int n_entries, i; diff --git a/src/util/profile/prof_int.h b/src/util/profile/prof_int.h index 970b42e01..76cebf136 100644 --- a/src/util/profile/prof_int.h +++ b/src/util/profile/prof_int.h @@ -80,7 +80,7 @@ struct _profile_t { */ #ifdef PROFILE_USES_PATHS -#define PROFILE_LAST_FILESPEC(x) (((x) == NULL) || ((x)[0] == NULL)) +#define PROFILE_LAST_FILESPEC(x) (((x) == NULL) || ((x)[0] == '\0')) #else #define PROFILE_LAST_FILESPEC(x) (((x).vRefNum == 0) && ((x).parID == 0) && ((x).name[0] == '\0')) #endif @@ -173,7 +173,7 @@ errcode_t profile_rename_node /* prof_file.c */ errcode_t profile_open_file - PROTOTYPE ((profile_filespec_t file, prf_file_t *ret_prof)); + PROTOTYPE ((const_profile_filespec_t file, prf_file_t *ret_prof)); errcode_t profile_update_file PROTOTYPE ((prf_file_t profile)); diff --git a/src/util/profile/profile.exp b/src/util/profile/profile.exp index 23629094b..3eaeb1dfd 100644 --- a/src/util/profile/profile.exp +++ b/src/util/profile/profile.exp @@ -25,9 +25,6 @@ profile_add_relation ### Temporary -- DO NOT USE -error_message -add_error_table -remove_error_table profile_ser_internalize profile_ser_externalize profile_ser_size diff --git a/src/util/profile/profile.hin b/src/util/profile/profile.hin index 420b955d4..f681f36f4 100644 --- a/src/util/profile/profile.hin +++ b/src/util/profile/profile.hin @@ -51,21 +51,25 @@ extern "C" { #endif #ifdef PROFILE_USES_PATHS -typedef char* profile_filespec_t; /* path as C string */ +typedef char* profile_filespec_t; /* path as C string */ typedef char* profile_filespec_list_t; /* list of : separated paths, C string */ +typedef const char* const_profile_filespec_t; /* path as C string */ +typedef const char* const_profile_filespec_list_t; /* list of : separated paths, C string */ #else /* On MacOS, we use native file specifiers as unique file identifiers */ #include typedef FSSpec profile_filespec_t; -typedef FSSpec* profile_filespec_list_t; - /* array should be terminated with {0, 0, ""} */ +typedef FSSpec* profile_filespec_list_t; +/* array should be terminated with {0, 0, ""} */ +typedef FSSpec const_profile_filespec_t; +typedef FSSpec* const_profile_filespec_list_t; #endif KRB5_DLLIMP long KRB5_CALLCONV profile_init - PROTOTYPE ((profile_filespec_t *files, profile_t *ret_profile)); + PROTOTYPE ((const_profile_filespec_t *files, profile_t *ret_profile)); KRB5_DLLIMP long KRB5_CALLCONV profile_init_path - PROTOTYPE ((profile_filespec_list_t filelist, profile_t *ret_profile)); + PROTOTYPE ((const_profile_filespec_list_t filelist, profile_t *ret_profile)); KRB5_DLLIMP long KRB5_CALLCONV profile_flush PROTOTYPE ((profile_t profile)); diff --git a/src/windows/ChangeLog b/src/windows/ChangeLog index 8e874b79c..5f3cb7bfb 100644 --- a/src/windows/ChangeLog +++ b/src/windows/ChangeLog @@ -1,3 +1,10 @@ +1999-09-01 Danilo Almeida + + * readme, README: readme renamed to README. + + * version.rc: Boost version to 1.1. Include 1998 & 1999 in copyright + years. + 1999-06-21 Danilo Almeida * version.rc: Boost version to 1.0.8. diff --git a/src/windows/readme b/src/windows/README similarity index 100% rename from src/windows/readme rename to src/windows/README diff --git a/src/windows/cns/ChangeLog b/src/windows/cns/ChangeLog index 3d42fe7b7..47b829b3a 100644 --- a/src/windows/cns/ChangeLog +++ b/src/windows/cns/ChangeLog @@ -1,3 +1,8 @@ +1999-08-26 Danilo Almeida + + * cns_reg.c (cns_load_registry, cns_save_registry): Honor setting + in cns_res.cc_override. + Mon May 17 19:55:08 1999 Danilo Almeida * Makefile.in: Add included version resouce script to diff --git a/src/windows/cns/cns_reg.c b/src/windows/cns/cns_reg.c index 95a5a5f87..400d72d23 100644 --- a/src/windows/cns/cns_reg.c +++ b/src/windows/cns/cns_reg.c @@ -135,7 +135,7 @@ cns_load_registry(void) } else strcpy(cns_res.confname, cns_res.def_confname); - if (registry_string_get(key, "ccname", &ts) == 0) { + if (cns_res.cc_override && (registry_string_get(key, "ccname", &ts) == 0)) { strcpy(cns_res.ccname, ts); free(ts); } else @@ -197,15 +197,20 @@ cns_save_registry(void) registry_string_set(key, "realm", cns_res.realm); if (cns_res.conf_override) - if (strcmp(cns_res.confname, cns_res.def_confname)) - registry_string_set(key, "confname", cns_res.confname); - else - registry_value_delete(key, "confname"); + { + if (strcmp(cns_res.confname, cns_res.def_confname)) + registry_string_set(key, "confname", cns_res.confname); + else + registry_value_delete(key, "confname"); + } - if (strcmp(cns_res.ccname, cns_res.def_ccname)) + if (cns_res.cc_override) + { + if (strcmp(cns_res.ccname, cns_res.def_ccname)) registry_string_set(key, "ccname", cns_res.ccname); - else + else registry_value_delete(key, "ccname"); + } for (i = 0 ; i < FILE_MENU_MAX_LOGINS ; i++) if (cns_res.logins[i][0] != '\0') { diff --git a/src/windows/version.rc b/src/windows/version.rc index 6a6896f1f..346c69b30 100644 --- a/src/windows/version.rc +++ b/src/windows/version.rc @@ -13,10 +13,10 @@ /* we're going to stamp all the DLLs with the same version number */ -#define K5_PRODUCT_VERSION_STRING "1.0.8\0" -#define K5_PRODUCT_VERSION 1, 0, 8, 0 +#define K5_PRODUCT_VERSION_STRING "1.1\0" +#define K5_PRODUCT_VERSION 1, 1, 0, 0 -#define K5_COPYRIGHT "Copyright (C) 1997 by the Massachusetts Institute of Technology\0" +#define K5_COPYRIGHT "Copyright (C) 1997-1999 by the Massachusetts Institute of Technology\0" #define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0" /*