diff options
Diffstat (limited to 'crypto/heimdal/lib/gssapi')
42 files changed, 0 insertions, 7968 deletions
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c deleted file mode 100644 index 03992a4cf30a..000000000000 --- a/crypto/heimdal/lib/gssapi/8003.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: 8003.c,v 1.11 2002/03/10 23:47:39 assar Exp $"); - -static krb5_error_code -encode_om_uint32(OM_uint32 n, u_char *p) -{ - p[0] = (n >> 0) & 0xFF; - p[1] = (n >> 8) & 0xFF; - p[2] = (n >> 16) & 0xFF; - p[3] = (n >> 24) & 0xFF; - return 0; -} - -static krb5_error_code -decode_om_uint32(u_char *p, OM_uint32 *n) -{ - *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); - return 0; -} - -static krb5_error_code -hash_input_chan_bindings (const gss_channel_bindings_t b, - u_char *p) -{ - u_char num[4]; - MD5_CTX md5; - - MD5_Init(&md5); - encode_om_uint32 (b->initiator_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); - encode_om_uint32 (b->initiator_address.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->initiator_address.length) - MD5_Update (&md5, - b->initiator_address.value, - b->initiator_address.length); - encode_om_uint32 (b->acceptor_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); - encode_om_uint32 (b->acceptor_address.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->acceptor_address.length) - MD5_Update (&md5, - b->acceptor_address.value, - b->acceptor_address.length); - encode_om_uint32 (b->application_data.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->application_data.length) - MD5_Update (&md5, - b->application_data.value, - b->application_data.length); - MD5_Final (p, &md5); - return 0; -} - -/* - * create a checksum over the chanel bindings in - * `input_chan_bindings', `flags' and `fwd_data' and return it in - * `result' - */ - -OM_uint32 -gssapi_krb5_create_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - OM_uint32 flags, - const krb5_data *fwd_data, - Checksum *result) -{ - u_char *p; - - /* - * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value - * field's format) */ - result->cksumtype = 0x8003; - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) - result->checksum.length = 24 + 4 + fwd_data->length; - else - result->checksum.length = 24; - result->checksum.data = malloc (result->checksum.length); - if (result->checksum.data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = result->checksum.data; - encode_om_uint32 (16, p); - p += 4; - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { - memset (p, 0, 16); - } else { - hash_input_chan_bindings (input_chan_bindings, p); - } - p += 16; - encode_om_uint32 (flags, p); - p += 4; - - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { -#if 0 - u_char *tmp; - - result->checksum.length = 28 + fwd_data->length; - tmp = realloc(result->checksum.data, result->checksum.length); - if (tmp == NULL) - return ENOMEM; - result->checksum.data = tmp; - - p = (u_char*)result->checksum.data + 24; -#endif - *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ - *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ - *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ - *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ - memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); - - p += fwd_data->length; - } - - return GSS_S_COMPLETE; -} - -/* - * verify the checksum in `cksum' over `input_chan_bindings' - * returning `flags' and `fwd_data' - */ - -OM_uint32 -gssapi_krb5_verify_8003_checksum( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - const Checksum *cksum, - OM_uint32 *flags, - krb5_data *fwd_data) -{ - unsigned char hash[16]; - unsigned char *p; - OM_uint32 length; - int DlgOpt; - static unsigned char zeros[16]; - - /* XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != 0x8003) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p = cksum->checksum.data; - decode_om_uint32(p, &length); - if(length != sizeof(hash)) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p += 4; - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && memcmp(p, zeros, sizeof(zeros)) != 0) { - if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - if(memcmp(hash, p, sizeof(hash)) != 0) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - } - - p += sizeof(hash); - - decode_om_uint32(p, flags); - - if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { - - p += 4; - - DlgOpt = (p[0] << 0) | (p[1] << 8 ); - if (DlgOpt != 1) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p += 2; - fwd_data->length = (p[0] << 0) | (p[1] << 8); - fwd_data->data = malloc(fwd_data->length); - if (fwd_data->data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p += 2; - memcpy(fwd_data->data, p, fwd_data->length); - } - - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog deleted file mode 100644 index cd9d9c14953b..000000000000 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ /dev/null @@ -1,362 +0,0 @@ -2002-09-03 Johan Danielsson <joda@pdc.kth.se> - - * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE - - * unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE - -2002-09-02 Johan Danielsson <joda@pdc.kth.se> - - * init_sec_context.c: we need to generate a local subkey here - -2002-08-20 Jacques Vidrine <n@nectar.com> - - * acquire_cred.c, inquire_cred.c, release_cred.c: Use default - credential resolution if gss_acquire_cred is called with - GSS_C_NO_NAME. - -2002-06-20 Jacques Vidrine <n@nectar.com> - - * import_name.c: Compare name types by value if pointers do - not match. Reported by: "Douglas E. Engert" <deengert@anl.gov> - -2002-05-20 Jacques Vidrine <n@nectar.com> - - * verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize - the qop_state parameter. from Doug Rabson <dfr@nlsystems.com> - -2002-05-09 Jacques Vidrine <n@nectar.com> - - * acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH - -2002-05-08 Jacques Vidrine <n@nectar.com> - - * acquire_cred.c: initialize gssapi; handle null desired_name - -2002-03-22 Johan Danielsson <joda@pdc.kth.se> - - * Makefile.am: remove non-functional stuff accidentally committed - -2002-03-11 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2 - * 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel - bindings - -2001-10-31 Jacques Vidrine <n@nectar.com> - - * get_mic.c (mic_des3): MIC computation using DES3/SHA1 - was bogusly appending the message buffer to the result, - overwriting a heap buffer in the process. - -2001-08-29 Assar Westerlund <assar@sics.se> - - * 8003.c (gssapi_krb5_verify_8003_checksum, - gssapi_krb5_create_8003_checksum): make more consistent by always - returning an gssapi error and setting minor status. update - callers - -2001-08-28 Jacques Vidrine <n@nectar.com> - - * accept_sec_context.c: Create a cache for delegated credentials - when needed. - -2001-08-28 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2 - -2001-08-23 Assar Westerlund <assar@sics.se> - - * *.c: handle minor_status more consistently - - * display_status.c (gss_display_status): handle krb5_get_err_text - failing - -2001-08-15 Johan Danielsson <joda@pdc.kth.se> - - * gssapi_locl.h: fix prototype for gssapi_krb5_init - -2001-08-13 Johan Danielsson <joda@pdc.kth.se> - - * accept_sec_context.c (gsskrb5_register_acceptor_identity): init - context and check return value from kt_resolve - - * init.c: return error code - -2001-07-19 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2 - -2001-07-12 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LIBADD): add required library - dependencies - -2001-07-06 Assar Westerlund <assar@sics.se> - - * accept_sec_context.c (gsskrb5_register_acceptor_identity): set - the keytab to be used for gss_acquire_cred too' - -2001-07-03 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2 - -2001-06-18 Assar Westerlund <assar@sics.se> - - * wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey - and gss_krb5_get_remotekey - * verify_mic.c: update krb5_auth_con function names use - gss_krb5_get_remotekey - * unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey - and gss_krb5_get_remotekey - * gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey): - add prototypes - * get_mic.c: update krb5_auth_con function names. use - gss_krb5_get_localkey - * accept_sec_context.c: update krb5_auth_con function names - -2001-05-17 Assar Westerlund <assar@sics.se> - - * Makefile.am: bump version to 3:1:2 - -2001-05-14 Assar Westerlund <assar@sics.se> - - * address_to_krb5addr.c: adapt to new address functions - -2001-05-11 Assar Westerlund <assar@sics.se> - - * try to return the error string from libkrb5 where applicable - -2001-05-08 Assar Westerlund <assar@sics.se> - - * delete_sec_context.c (gss_delete_sec_context): remember to free - the memory used by the ticket itself. from <tmartin@mirapoint.com> - -2001-05-04 Assar Westerlund <assar@sics.se> - - * gssapi_locl.h: add config.h for completeness - * gssapi.h: remove config.h, this is an installed header file - sys/types.h is not needed either - -2001-03-12 Assar Westerlund <assar@sics.se> - - * acquire_cred.c (gss_acquire_cred): remove memory leaks. from - Jason R Thorpe <thorpej@zembu.com> - -2001-02-18 Assar Westerlund <assar@sics.se> - - * accept_sec_context.c (gss_accept_sec_context): either return - gss_name NULL-ed or set - - * import_name.c: set minor_status in some cases where it was not - done - -2001-02-15 Assar Westerlund <assar@sics.se> - - * wrap.c: use krb5_generate_random_block for the confounders - -2001-01-30 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2 - * acquire_cred.c, init_sec_context.c, release_cred.c: add support - for getting creds from a keytab, from fvdl@netbsd.org - - * copy_ccache.c: add gss_krb5_copy_ccache - -2001-01-27 Assar Westerlund <assar@sics.se> - - * get_mic.c: cast parameters to des function to non-const pointers - to handle the case where these functions actually take non-const - des_cblock * - -2001-01-09 Assar Westerlund <assar@sics.se> - - * accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2 - instead of krb5_rd_cred - -2000-12-11 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1 - -2000-12-08 Assar Westerlund <assar@sics.se> - - * wrap.c (wrap_des3): use the checksum as ivec when encrypting the - sequence number - * unwrap.c (unwrap_des3): use the checksum as ivec when encrypting - the sequence number - * init_sec_context.c (init_auth): always zero fwd_data - -2000-12-06 Johan Danielsson <joda@pdc.kth.se> - - * accept_sec_context.c: de-pointerise auth_context parameter to - krb5_mk_rep - -2000-11-15 Assar Westerlund <assar@sics.se> - - * init_sec_context.c (init_auth): update to new - krb5_build_authenticator - -2000-09-19 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1 - -2000-08-27 Assar Westerlund <assar@sics.se> - - * init_sec_context.c: actually pay attention to `time_req' - * init_sec_context.c: re-organize. leak less memory. - * gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey): - update prototypes add assert.h - * gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD): - add - * verify_mic.c: re-organize and add 3DES code - * wrap.c: re-organize and add 3DES code - * unwrap.c: re-organize and add 3DES code - * get_mic.c: re-organize and add 3DES code - * encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data', - let the caller do that. fix the callers. - -2000-08-16 Assar Westerlund <assar@sics.se> - - * Makefile.am: bump version to 2:1:1 - -2000-07-29 Assar Westerlund <assar@sics.se> - - * decapsulate.c (gssapi_krb5_verify_header): sanity-check length - -2000-07-25 Johan Danielsson <joda@pdc.kth.se> - - * Makefile.am: bump version to 2:0:1 - -2000-07-22 Assar Westerlund <assar@sics.se> - - * gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other - details from rfc2744 - -2000-06-29 Assar Westerlund <assar@sics.se> - - * address_to_krb5addr.c (gss_address_to_krb5addr): actually use - `int' instead of `sa_family_t' for the address family. - -2000-06-21 Assar Westerlund <assar@sics.se> - - * add support for token delegation. From Daniel Kouril - <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz> - -2000-05-15 Assar Westerlund <assar@sics.se> - - * Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1 - -2000-04-12 Assar Westerlund <assar@sics.se> - - * release_oid_set.c (gss_release_oid_set): clear set for - robustness. From GOMBAS Gabor <gombasg@inf.elte.hu> - * release_name.c (gss_release_name): reset input_name for - robustness. From GOMBAS Gabor <gombasg@inf.elte.hu> - * release_buffer.c (gss_release_buffer): set value to NULL to be - more robust. From GOMBAS Gabor <gombasg@inf.elte.hu> - * add_oid_set_member.c (gss_add_oid_set_member): actually check if - the oid is a member first. leave the oid_set unchanged if realloc - fails. - -2000-02-13 Assar Westerlund <assar@sics.se> - - * Makefile.am: set version to 1:0:1 - -2000-02-12 Assar Westerlund <assar@sics.se> - - * gssapi_locl.h: add flags for import/export - * import_sec_context.c (import_sec_context: add flags for what - fields are included. do not include the authenticator for now. - * export_sec_context.c (export_sec_context: add flags for what - fields are included. do not include the authenticator for now. - * accept_sec_context.c (gss_accept_sec_context): set target in - context_handle - -2000-02-11 Assar Westerlund <assar@sics.se> - - * delete_sec_context.c (gss_delete_sec_context): set context to - GSS_C_NO_CONTEXT - - * Makefile.am: add {export,import}_sec_context.c - * export_sec_context.c: new file - * import_sec_context.c: new file - * accept_sec_context.c (gss_accept_sec_context): set trans flag - -2000-02-07 Assar Westerlund <assar@sics.se> - - * Makefile.am: set version to 0:5:0 - -2000-01-26 Assar Westerlund <assar@sics.se> - - * delete_sec_context.c (gss_delete_sec_context): handle a NULL - output_token - - * wrap.c: update to pseudo-standard APIs for md4,md5,sha. some - changes to libdes calls to make them more portable. - * verify_mic.c: update to pseudo-standard APIs for md4,md5,sha. - some changes to libdes calls to make them more portable. - * unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some - changes to libdes calls to make them more portable. - * get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some - changes to libdes calls to make them more portable. - * 8003.c: update to pseudo-standard APIs for md4,md5,sha. - -2000-01-06 Assar Westerlund <assar@sics.se> - - * Makefile.am: set version to 0:4:0 - -1999-12-26 Assar Westerlund <assar@sics.se> - - * accept_sec_context.c (gss_accept_sec_context): always set - `output_token' - * init_sec_context.c (init_auth): always initialize `output_token' - * delete_sec_context.c (gss_delete_sec_context): always set - `output_token' - -1999-12-06 Assar Westerlund <assar@sics.se> - - * Makefile.am: bump version to 0:3:0 - -1999-10-20 Assar Westerlund <assar@sics.se> - - * Makefile.am: set version to 0:2:0 - -1999-09-21 Assar Westerlund <assar@sics.se> - - * init_sec_context.c (gss_init_sec_context): initialize `ticket' - - * gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick. - - * delete_sec_context.c (gss_delete_sec_context): free ticket - - * accept_sec_context.c (gss_accept_sec_context): stove away - `krb5_ticket' in context so that ugly programs such as - gss_nt_server can get at it. uck. - -1999-09-20 Johan Danielsson <joda@pdc.kth.se> - - * accept_sec_context.c: set minor_status - -1999-08-04 Assar Westerlund <assar@sics.se> - - * display_status.c (calling_error, routine_error): right shift the - code to make it possible to index into the arrays - -1999-07-28 Assar Westerlund <assar@sics.se> - - * gssapi.h (GSS_C_AF_INET6): add - - * import_name.c (import_hostbased_name): set minor_status - -1999-07-26 Assar Westerlund <assar@sics.se> - - * Makefile.am: set version to 0:1:0 - -Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * display_status.c: set minor_status - - * init_sec_context.c: set minor_status - - * lib/gssapi/init.c: remove donep (check gssapi_krb5_context - directly) - diff --git a/crypto/heimdal/lib/gssapi/Makefile b/crypto/heimdal/lib/gssapi/Makefile deleted file mode 100644 index c8533372ddf6..000000000000 --- a/crypto/heimdal/lib/gssapi/Makefile +++ /dev/null @@ -1,659 +0,0 @@ -# Makefile.in generated by automake 1.6.3 from Makefile.am. -# lib/gssapi/Makefile. Generated from Makefile.in by configure. - -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 -# Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - - - -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ - -# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ - -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ -SHELL = /bin/sh - -srcdir = . -top_srcdir = ../.. - -prefix = /usr/heimdal -exec_prefix = ${prefix} - -bindir = ${exec_prefix}/bin -sbindir = ${exec_prefix}/sbin -libexecdir = ${exec_prefix}/libexec -datadir = ${prefix}/share -sysconfdir = /etc -sharedstatedir = ${prefix}/com -localstatedir = /var/heimdal -libdir = ${exec_prefix}/lib -infodir = ${prefix}/info -mandir = ${prefix}/man -includedir = ${prefix}/include -oldincludedir = /usr/include -pkgdatadir = $(datadir)/heimdal -pkglibdir = $(libdir)/heimdal -pkgincludedir = $(includedir)/heimdal -top_builddir = ../.. - -ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6 -AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf -AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6 -AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader - -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = /usr/bin/install -c -INSTALL_PROGRAM = ${INSTALL} -INSTALL_DATA = ${INSTALL} -m 644 -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_SCRIPT = ${INSTALL} -INSTALL_HEADER = $(INSTALL_DATA) -transform = s,x,x, -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -host_alias = -host_triplet = i386-unknown-freebsd5.0 - -EXEEXT = -OBJEXT = o -PATH_SEPARATOR = : -AIX_EXTRA_KAFS = -AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar -AS = @AS@ -AWK = gawk -CANONICAL_HOST = i386-unknown-freebsd5.0 -CATMAN = /usr/bin/nroff -mdoc $< > $@ -CATMANEXT = $$section -CC = gcc -COMPILE_ET = compile_et -CPP = gcc -E -DBLIB = -DEPDIR = .deps -DIR_com_err = -DIR_des = -DIR_roken = roken -DLLTOOL = @DLLTOOL@ -ECHO = echo -EXTRA_LIB45 = -GROFF = /usr/bin/groff -INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken -INCLUDE_ = @INCLUDE_@ -INCLUDE_des = -INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s -LEX = flex - -LEXLIB = -lfl -LEX_OUTPUT_ROOT = lex.yy -LIBTOOL = $(SHELL) $(top_builddir)/libtool -LIB_ = @LIB_@ -LIB_AUTH_SUBDIRS = -LIB_NDBM = -LIB_com_err = -lcom_err -LIB_com_err_a = -LIB_com_err_so = -LIB_des = -lcrypto -LIB_des_a = -lcrypto -LIB_des_appl = -lcrypto -LIB_des_so = -lcrypto -LIB_kdb = -LIB_otp = $(top_builddir)/lib/otp/libotp.la -LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen) -LIB_security = -LN_S = ln -s -LTLIBOBJS = copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo -NEED_WRITEAUTH_FALSE = -NEED_WRITEAUTH_TRUE = # -NROFF = /usr/bin/nroff -OBJDUMP = @OBJDUMP@ -PACKAGE = heimdal -RANLIB = ranlib -STRIP = strip -VERSION = 0.4f -VOID_RETSIGTYPE = -WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -WFLAGS_NOIMPLICITINT = -WFLAGS_NOUNUSED = -X_CFLAGS = -I/usr/X11R6/include -X_EXTRA_LIBS = -X_LIBS = -L/usr/X11R6/lib -X_PRE_LIBS = -lSM -lICE -YACC = bison -y -am__include = include -am__quote = -dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce -dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r -dpagaix_ldflags = -Wl,-bI:dfspag.exp -install_sh = /usr/home/nectar/devel/heimdal/install-sh - -AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 - -SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 - -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) - -ROKEN_RENAME = -DROKEN_RENAME - -AM_CFLAGS = $(WFLAGS) - -CP = cp - -buildinclude = $(top_builddir)/include - -LIB_XauReadAuth = -lXau -LIB_crypt = -lcrypt -LIB_dbm_firstkey = -LIB_dbopen = -LIB_dlopen = -LIB_dn_expand = -LIB_el_init = -ledit -LIB_getattr = @LIB_getattr@ -LIB_gethostbyname = -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_getpwnam_r = -LIB_getsockopt = -LIB_logout = -lutil -LIB_logwtmp = -lutil -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_openpty = -lutil -LIB_pidfile = -LIB_res_search = -LIB_setpcred = @LIB_setpcred@ -LIB_setsockopt = -LIB_socket = -LIB_syslog = -LIB_tgetent = -ltermcap - -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -INCLUDE_hesiod = -LIB_hesiod = - -INCLUDE_krb4 = -LIB_krb4 = - -INCLUDE_openldap = -LIB_openldap = - -INCLUDE_readline = -LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent) - -NROFF_MAN = groff -mandoc -Tascii - -#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) - -LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ - $(top_builddir)/lib/asn1/libasn1.la - -LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la - -#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la - -lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 -libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la - -include_HEADERS = gssapi.h - -libgssapi_la_SOURCES = \ - 8003.c \ - accept_sec_context.c \ - acquire_cred.c \ - add_oid_set_member.c \ - canonicalize_name.c \ - compare_name.c \ - context_time.c \ - copy_ccache.c \ - create_emtpy_oid_set.c \ - decapsulate.c \ - delete_sec_context.c \ - display_name.c \ - display_status.c \ - duplicate_name.c \ - encapsulate.c \ - export_sec_context.c \ - export_name.c \ - external.c \ - get_mic.c \ - gssapi.h \ - gssapi_locl.h \ - import_name.c \ - import_sec_context.c \ - indicate_mechs.c \ - init.c \ - init_sec_context.c \ - inquire_context.c \ - inquire_cred.c \ - release_buffer.c \ - release_cred.c \ - release_name.c \ - release_oid_set.c \ - test_oid_set_member.c \ - unwrap.c \ - v1.c \ - verify_mic.c \ - wrap.c \ - address_to_krb5addr.c - -subdir = lib/gssapi -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -LTLIBRARIES = $(lib_LTLIBRARIES) - -libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \ - ../roken/libroken.la -am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \ - add_oid_set_member.lo canonicalize_name.lo compare_name.lo \ - context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \ - decapsulate.lo delete_sec_context.lo display_name.lo \ - display_status.lo duplicate_name.lo encapsulate.lo \ - export_sec_context.lo export_name.lo external.lo get_mic.lo \ - import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \ - init_sec_context.lo inquire_context.lo inquire_cred.lo \ - release_buffer.lo release_cred.lo release_name.lo \ - release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \ - verify_mic.lo wrap.lo address_to_krb5addr.lo -libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS) - -DEFS = -DHAVE_CONFIG_H -DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -CPPFLAGS = -LDFLAGS = -LIBS = -depcomp = -am__depfiles_maybe = -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ - $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -CFLAGS = -DINET6 -g -O2 -DIST_SOURCES = $(libgssapi_la_SOURCES) -HEADERS = $(include_HEADERS) - -DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in -SOURCES = $(libgssapi_la_SOURCES) - -all: all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign lib/gssapi/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) -libLTLIBRARIES_INSTALL = $(INSTALL) -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(libdir) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \ - else :; fi; \ - done - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \ - $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test -z "$dir" && dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) - $(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) core *.core - -distclean-compile: - -rm -f *.tab.c - -.c.o: - $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< - -.c.obj: - $(COMPILE) -c `cygpath -w $<` - -.c.lo: - $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -distclean-libtool: - -rm -f libtool -uninstall-info-am: -includeHEADERS_INSTALL = $(INSTALL_HEADER) -install-includeHEADERS: $(include_HEADERS) - @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(includedir) - @list='$(include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \ - $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \ - done - -uninstall-includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " rm -f $(DESTDIR)$(includedir)/$$f"; \ - rm -f $(DESTDIR)$(includedir)/$$f; \ - done - -ETAGS = etags -ETAGSFLAGS = - -tags: TAGS - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$tags$$unique" \ - || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - -top_distdir = ../.. -distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) - -distdir: $(DISTFILES) - @list='$(DISTFILES)'; for file in $$list; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkinstalldirs) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ - if test -d $$d/$$file; then \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="${top_distdir}" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local - -installdirs: - $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir) - -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-libtool distclean-tags - -dvi: dvi-am - -dvi-am: - -info: info-am - -info-am: - -install-data-am: install-data-local install-includeHEADERS - -install-exec-am: install-libLTLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-info: install-info-am - -install-man: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -uninstall-am: uninstall-includeHEADERS uninstall-info-am \ - uninstall-libLTLIBRARIES - -.PHONY: GTAGS all all-am all-local check check-am check-local clean \ - clean-generic clean-libLTLIBRARIES clean-libtool distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-includeHEADERS \ - install-info install-info-am install-libLTLIBRARIES install-man \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - tags uninstall uninstall-am uninstall-includeHEADERS \ - uninstall-info-am uninstall-libLTLIBRARIES - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(build_HEADERZ) - @foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if ./$$i --version > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-local: install-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am deleted file mode 100644 index 95ad40c89284..000000000000 --- a/crypto/heimdal/lib/gssapi/Makefile.am +++ /dev/null @@ -1,51 +0,0 @@ -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ - -include $(top_srcdir)/Makefile.am.common - -INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) - -lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 -libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la - -include_HEADERS = gssapi.h - -libgssapi_la_SOURCES = \ - 8003.c \ - accept_sec_context.c \ - acquire_cred.c \ - add_oid_set_member.c \ - canonicalize_name.c \ - compare_name.c \ - context_time.c \ - copy_ccache.c \ - create_emtpy_oid_set.c \ - decapsulate.c \ - delete_sec_context.c \ - display_name.c \ - display_status.c \ - duplicate_name.c \ - encapsulate.c \ - export_sec_context.c \ - export_name.c \ - external.c \ - get_mic.c \ - gssapi.h \ - gssapi_locl.h \ - import_name.c \ - import_sec_context.c \ - indicate_mechs.c \ - init.c \ - init_sec_context.c \ - inquire_context.c \ - inquire_cred.c \ - release_buffer.c \ - release_cred.c \ - release_name.c \ - release_oid_set.c \ - test_oid_set_member.c \ - unwrap.c \ - v1.c \ - verify_mic.c \ - wrap.c \ - address_to_krb5addr.c diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in deleted file mode 100644 index 68ac3a191c70..000000000000 --- a/crypto/heimdal/lib/gssapi/Makefile.in +++ /dev/null @@ -1,659 +0,0 @@ -# Makefile.in generated by automake 1.6.3 from Makefile.am. -# @configure_input@ - -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 -# Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ - -# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ - -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ -SHELL = @SHELL@ - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -VPATH = @srcdir@ -prefix = @prefix@ -exec_prefix = @exec_prefix@ - -bindir = @bindir@ -sbindir = @sbindir@ -libexecdir = @libexecdir@ -datadir = @datadir@ -sysconfdir = @sysconfdir@ -sharedstatedir = @sharedstatedir@ -localstatedir = @localstatedir@ -libdir = @libdir@ -infodir = @infodir@ -mandir = @mandir@ -includedir = @includedir@ -oldincludedir = /usr/include -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -top_builddir = ../.. - -ACLOCAL = @ACLOCAL@ -AUTOCONF = @AUTOCONF@ -AUTOMAKE = @AUTOMAKE@ -AUTOHEADER = @AUTOHEADER@ - -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = @INSTALL@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_DATA = @INSTALL_DATA@ -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_HEADER = $(INSTALL_DATA) -transform = @program_transform_name@ -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -host_alias = @host_alias@ -host_triplet = @host@ - -EXEEXT = @EXEEXT@ -OBJEXT = @OBJEXT@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AS = @AS@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -DBLIB = @DBLIB@ -DEPDIR = @DEPDIR@ -DIR_com_err = @DIR_com_err@ -DIR_des = @DIR_des@ -DIR_roken = @DIR_roken@ -DLLTOOL = @DLLTOOL@ -ECHO = @ECHO@ -EXTRA_LIB45 = @EXTRA_LIB45@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_ = @INCLUDE_@ -INCLUDE_des = @INCLUDE_des@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LEX = @LEX@ - -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBTOOL = @LIBTOOL@ -LIB_ = @LIB_@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_des = @LIB_des@ -LIB_des_a = @LIB_des_a@ -LIB_des_appl = @LIB_des_appl@ -LIB_des_so = @LIB_des_so@ -LIB_kdb = @LIB_kdb@ -LIB_otp = @LIB_otp@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ -NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ -NROFF = @NROFF@ -OBJDUMP = @OBJDUMP@ -PACKAGE = @PACKAGE@ -RANLIB = @RANLIB@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -am__include = @am__include@ -am__quote = @am__quote@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -install_sh = @install_sh@ - -AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 - -SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 - -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) - -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME - -AM_CFLAGS = $(WFLAGS) - -CP = cp - -buildinclude = $(top_builddir)/include - -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_crypt = @LIB_crypt@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_el_init = @LIB_el_init@ -LIB_getattr = @LIB_getattr@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_openpty = @LIB_openpty@ -LIB_pidfile = @LIB_pidfile@ -LIB_res_search = @LIB_res_search@ -LIB_setpcred = @LIB_setpcred@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ - -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -LIB_hesiod = @LIB_hesiod@ - -INCLUDE_krb4 = @INCLUDE_krb4@ -LIB_krb4 = @LIB_krb4@ - -INCLUDE_openldap = @INCLUDE_openldap@ -LIB_openldap = @LIB_openldap@ - -INCLUDE_readline = @INCLUDE_readline@ -LIB_readline = @LIB_readline@ - -NROFF_MAN = groff -mandoc -Tascii - -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) - -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la - -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la - -lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 -libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la - -include_HEADERS = gssapi.h - -libgssapi_la_SOURCES = \ - 8003.c \ - accept_sec_context.c \ - acquire_cred.c \ - add_oid_set_member.c \ - canonicalize_name.c \ - compare_name.c \ - context_time.c \ - copy_ccache.c \ - create_emtpy_oid_set.c \ - decapsulate.c \ - delete_sec_context.c \ - display_name.c \ - display_status.c \ - duplicate_name.c \ - encapsulate.c \ - export_sec_context.c \ - export_name.c \ - external.c \ - get_mic.c \ - gssapi.h \ - gssapi_locl.h \ - import_name.c \ - import_sec_context.c \ - indicate_mechs.c \ - init.c \ - init_sec_context.c \ - inquire_context.c \ - inquire_cred.c \ - release_buffer.c \ - release_cred.c \ - release_name.c \ - release_oid_set.c \ - test_oid_set_member.c \ - unwrap.c \ - v1.c \ - verify_mic.c \ - wrap.c \ - address_to_krb5addr.c - -subdir = lib/gssapi -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -LTLIBRARIES = $(lib_LTLIBRARIES) - -libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \ - ../roken/libroken.la -am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \ - add_oid_set_member.lo canonicalize_name.lo compare_name.lo \ - context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \ - decapsulate.lo delete_sec_context.lo display_name.lo \ - display_status.lo duplicate_name.lo encapsulate.lo \ - export_sec_context.lo export_name.lo external.lo get_mic.lo \ - import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \ - init_sec_context.lo inquire_context.lo inquire_cred.lo \ - release_buffer.lo release_cred.lo release_name.lo \ - release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \ - verify_mic.lo wrap.lo address_to_krb5addr.lo -libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS) - -DEFS = @DEFS@ -DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -CPPFLAGS = @CPPFLAGS@ -LDFLAGS = @LDFLAGS@ -LIBS = @LIBS@ -depcomp = -am__depfiles_maybe = -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ - $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -CFLAGS = @CFLAGS@ -DIST_SOURCES = $(libgssapi_la_SOURCES) -HEADERS = $(include_HEADERS) - -DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in -SOURCES = $(libgssapi_la_SOURCES) - -all: all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign lib/gssapi/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) -libLTLIBRARIES_INSTALL = $(INSTALL) -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(libdir) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \ - else :; fi; \ - done - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \ - $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test -z "$dir" && dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) - $(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) core *.core - -distclean-compile: - -rm -f *.tab.c - -.c.o: - $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< - -.c.obj: - $(COMPILE) -c `cygpath -w $<` - -.c.lo: - $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -distclean-libtool: - -rm -f libtool -uninstall-info-am: -includeHEADERS_INSTALL = $(INSTALL_HEADER) -install-includeHEADERS: $(include_HEADERS) - @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(includedir) - @list='$(include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \ - $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \ - done - -uninstall-includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " rm -f $(DESTDIR)$(includedir)/$$f"; \ - rm -f $(DESTDIR)$(includedir)/$$f; \ - done - -ETAGS = etags -ETAGSFLAGS = - -tags: TAGS - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$tags$$unique" \ - || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - -top_distdir = ../.. -distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) - -distdir: $(DISTFILES) - @list='$(DISTFILES)'; for file in $$list; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkinstalldirs) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ - if test -d $$d/$$file; then \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="${top_distdir}" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local - -installdirs: - $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir) - -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-libtool distclean-tags - -dvi: dvi-am - -dvi-am: - -info: info-am - -info-am: - -install-data-am: install-data-local install-includeHEADERS - -install-exec-am: install-libLTLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-info: install-info-am - -install-man: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -uninstall-am: uninstall-includeHEADERS uninstall-info-am \ - uninstall-libLTLIBRARIES - -.PHONY: GTAGS all all-am all-local check check-am check-local clean \ - clean-generic clean-libLTLIBRARIES clean-libtool distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-includeHEADERS \ - install-info install-info-am install-libLTLIBRARIES install-man \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - tags uninstall uninstall-am uninstall-includeHEADERS \ - uninstall-info-am uninstall-libLTLIBRARIES - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(build_HEADERZ) - @foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if ./$$i --version > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-local: install-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c deleted file mode 100644 index 23eb769ff01a..000000000000 --- a/crypto/heimdal/lib/gssapi/accept_sec_context.c +++ /dev/null @@ -1,422 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: accept_sec_context.c,v 1.30 2001/08/29 02:21:09 assar Exp $"); - -krb5_keytab gssapi_krb5_keytab; - -OM_uint32 -gsskrb5_register_acceptor_identity (char *identity) -{ - krb5_error_code ret; - char *p; - - ret = gssapi_krb5_init(); - if(ret) - return GSS_S_FAILURE; - - if(gssapi_krb5_keytab != NULL) { - krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab); - gssapi_krb5_keytab = NULL; - } - asprintf(&p, "FILE:%s", identity); - if(p == NULL) - return GSS_S_FAILURE; - ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab); - free(p); - if(ret) - return GSS_S_FAILURE; - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle - ) -{ - krb5_error_code kret; - OM_uint32 ret; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_data fwd_data; - OM_uint32 minor; - - ret = 0; - gssapi_krb5_init (); - - krb5_data_zero (&fwd_data); - output_token->length = 0; - output_token->value = NULL; - - if (*context_handle == GSS_C_NO_CONTEXT) { - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == GSS_C_NO_CONTEXT) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - } - - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; - - if (src_name != NULL) - *src_name = NULL; - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && input_chan_bindings->application_data.length == - 2 * sizeof((*context_handle)->auth_context->local_port) - ) { - - /* Port numbers are expected to be in application_data.value, - * initator's port first */ - - krb5_address initiator_addr, acceptor_addr; - - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - - (*context_handle)->auth_context->remote_port = - *(int16_t *) input_chan_bindings->application_data.value; - - (*context_handle)->auth_context->local_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); - - - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - (*context_handle)->auth_context->local_port, - &acceptor_addr); - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - &input_chan_bindings->initiator_address, - (*context_handle)->auth_context->remote_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - (*context_handle)->auth_context, - &acceptor_addr, /* local address */ - &initiator_addr); /* remote address */ - - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - -#if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; -#endif - - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - } - - - - { - int32_t tmp; - - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } - - ret = gssapi_krb5_decapsulate (minor_status, - input_token_buffer, - &indata, - "\x01\x00"); - if (ret) - goto failure; - - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else if (acceptor_cred_handle->keytab != NULL) { - keytab = acceptor_cred_handle->keytab; - } - - kret = krb5_rd_req (gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL - : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (src_name != NULL) { - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - src_name); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - } - - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, - (*context_handle)->auth_context, - &authenticator); - if(kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) - goto failure; - } - - if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - - krb5_ccache ccache; - - if (delegated_cred_handle == NULL) - /* XXX Create a new delegated_cred_handle? */ - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { - if ((*delegated_cred_handle = - calloc(1, sizeof(**delegated_cred_handle))) == NULL) { - ret = GSS_S_FAILURE; - *minor_status = ENOMEM; - krb5_set_error_string(gssapi_krb5_context, "out of memory"); - gssapi_krb5_set_error_string(); - goto failure; - } - if ((ret = gss_duplicate_name(minor_status, ticket->client, - &(*delegated_cred_handle)->principal)) != 0) { - flags &= ~GSS_C_DELEG_FLAG; - free(*delegated_cred_handle); - *delegated_cred_handle = NULL; - goto end_fwd; - } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { - kret = krb5_cc_gen_new (gssapi_krb5_context, - &krb5_mcc_ops, - &(*delegated_cred_handle)->ccache); - ccache = (*delegated_cred_handle)->ccache; - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->mechanisms == NULL) { - ret = gss_create_empty_oid_set(minor_status, - &(*delegated_cred_handle)->mechanisms); - if (ret) - goto failure; - ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &(*delegated_cred_handle)->mechanisms); - if (ret) - goto failure; - } - - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - - kret = krb5_cc_initialize(gssapi_krb5_context, - ccache, - *src_name); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - - kret = krb5_rd_cred2(gssapi_krb5_context, - (*context_handle)->auth_context, - ccache, - &fwd_data); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - -end_fwd: - free(fwd_data.data); - } - - - flags |= GSS_C_TRANS_FLAG; - - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= OPEN; - - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; - - if (time_rec) - *time_rec = GSS_C_INDEFINITE; - - if(flags & GSS_C_MUTUAL_FLAG) { - krb5_data outbuf; - - kret = krb5_mk_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - ret = gssapi_krb5_encapsulate (minor_status, - &outbuf, - output_token, - "\x02\x00"); - krb5_data_free (&outbuf); - if (ret) - goto failure; - } else { - output_token->length = 0; - } - - (*context_handle)->ticket = ticket; - ticket = NULL; - -#if 0 - krb5_free_ticket (context, ticket); -#endif - - return GSS_S_COMPLETE; - -failure: - if (fwd_data.length > 0) - free(fwd_data.data); - if (ticket != NULL) - krb5_free_ticket (gssapi_krb5_context, ticket); - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - if (src_name != NULL) { - gss_release_name (&minor, src_name); - *src_name = NULL; - } - *context_handle = GSS_C_NO_CONTEXT; - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c deleted file mode 100644 index 6940b2610410..000000000000 --- a/crypto/heimdal/lib/gssapi/acquire_cred.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: acquire_cred.c,v 1.10 2002/08/20 12:02:45 nectar Exp $"); - -static krb5_error_code -get_keytab(krb5_keytab *keytab) -{ - char kt_name[256]; - krb5_error_code kret; - - if (gssapi_krb5_keytab != NULL) { - kret = krb5_kt_get_name(gssapi_krb5_context, - gssapi_krb5_keytab, - kt_name, sizeof(kt_name)); - if (kret == 0) - kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab); - } else - kret = krb5_kt_default(gssapi_krb5_context, keytab); - return (kret); -} - -static OM_uint32 acquire_initiator_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_creds cred; - krb5_principal def_princ; - krb5_get_init_creds_opt opt; - krb5_ccache ccache; - krb5_keytab keytab; - krb5_error_code kret; - - keytab = NULL; - ccache = NULL; - def_princ = NULL; - ret = GSS_S_FAILURE; - memset(&cred, 0, sizeof(cred)); - - kret = krb5_cc_default(gssapi_krb5_context, &ccache); - if (kret) - goto end; - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, - &def_princ); - if (kret != 0) { - /* we'll try to use a keytab below */ - krb5_cc_destroy(gssapi_krb5_context, ccache); - ccache = NULL; - kret = 0; - } else if (handle->principal == NULL) { - kret = krb5_copy_principal(gssapi_krb5_context, def_princ, - &handle->principal); - if (kret) - goto end; - } else if (handle->principal != NULL && - krb5_principal_compare(gssapi_krb5_context, handle->principal, - def_princ) == FALSE) { - kret = KRB5_PRINC_NOMATCH; - goto end; - } - if (def_princ == NULL) { - /* We have no existing credentials cache, - * so attempt to get a TGT using a keytab. - */ - if (handle->principal == NULL) { - kret = krb5_get_default_principal(gssapi_krb5_context, - &handle->principal); - if (kret) - goto end; - } - kret = get_keytab(&keytab); - if (kret) - goto end; - krb5_get_init_creds_opt_init(&opt); - kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred, - handle->principal, keytab, 0, NULL, &opt); - if (kret) - goto end; - kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, - &ccache); - if (kret) - goto end; - kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client); - if (kret) - goto end; - kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred); - if (kret) - goto end; - } - handle->ccache = ccache; - ret = GSS_S_COMPLETE; - -end: - if (cred.client != NULL) - krb5_free_creds_contents(gssapi_krb5_context, &cred); - if (def_princ != NULL) - krb5_free_principal(gssapi_krb5_context, def_princ); - if (keytab != NULL) - krb5_kt_close(gssapi_krb5_context, keytab); - if (ret != GSS_S_COMPLETE) { - if (ccache != NULL) - krb5_cc_close(gssapi_krb5_context, ccache); - if (kret != 0) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - } - } - return (ret); -} - -static OM_uint32 acquire_acceptor_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_error_code kret; - - kret = 0; - ret = GSS_S_FAILURE; - kret = get_keytab(&handle->keytab); - if (kret) - goto end; - ret = GSS_S_COMPLETE; - -end: - if (ret != GSS_S_COMPLETE) { - if (handle->keytab != NULL) - krb5_kt_close(gssapi_krb5_context, handle->keytab); - if (kret != 0) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - } - } - return (ret); -} - -OM_uint32 gss_acquire_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - gss_cred_id_t handle; - OM_uint32 ret; - - gssapi_krb5_init (); - - *minor_status = 0; - handle = (gss_cred_id_t)malloc(sizeof(*handle)); - if (handle == GSS_C_NO_CREDENTIAL) - return (GSS_S_FAILURE); - - memset(handle, 0, sizeof (*handle)); - - if (desired_name != GSS_C_NO_NAME) { - ret = gss_duplicate_name(minor_status, desired_name, - &handle->principal); - if (ret != GSS_S_COMPLETE) { - free(handle); - return (ret); - } - } - if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { - ret = acquire_initiator_cred(minor_status, desired_name, time_req, - desired_mechs, cred_usage, handle, actual_mechs, time_rec); - if (ret != GSS_S_COMPLETE) { - free(handle); - return (ret); - } - } - if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { - ret = acquire_acceptor_cred(minor_status, desired_name, time_req, - desired_mechs, cred_usage, handle, actual_mechs, time_rec); - if (ret != GSS_S_COMPLETE) { - free(handle); - return (ret); - } - } - ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL, - actual_mechs); - if (ret != GSS_S_COMPLETE) { - if (handle->mechanisms != NULL) - gss_release_oid_set(NULL, &handle->mechanisms); - free(handle); - return (ret); - } - /* XXX */ - handle->lifetime = time_req; - handle->usage = cred_usage; - *output_cred_handle = handle; - return (GSS_S_COMPLETE); -} diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c deleted file mode 100644 index baf70c54404e..000000000000 --- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: add_oid_set_member.c,v 1.7 2001/02/18 03:39:08 assar Exp $"); - -OM_uint32 gss_add_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member_oid, - gss_OID_set * oid_set - ) -{ - gss_OID tmp; - size_t n; - OM_uint32 res; - int present; - - res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present); - if (res != GSS_S_COMPLETE) - return res; - - if (present) - return GSS_S_COMPLETE; - - n = (*oid_set)->count + 1; - tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*oid_set)->elements = tmp; - (*oid_set)->count = n; - (*oid_set)->elements[n-1] = *member_oid; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c deleted file mode 100644 index c8041aa93626..000000000000 --- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -#include <roken.h> - -krb5_error_code -gss_address_to_krb5addr(OM_uint32 gss_addr_type, - gss_buffer_desc *gss_addr, - int16_t port, - krb5_address *address) -{ - int addr_type; - struct sockaddr sa; - int sa_size = sizeof(sa); - krb5_error_code problem; - - if (gss_addr == NULL) - return GSS_S_FAILURE; - - switch (gss_addr_type) { -#ifdef HAVE_IPV6 - case GSS_C_AF_INET6: addr_type = AF_INET6; - break; -#endif /* HAVE_IPV6 */ - - case GSS_C_AF_INET: addr_type = AF_INET; - break; - default: - return GSS_S_FAILURE; - } - - problem = krb5_h_addr2sockaddr (gssapi_krb5_context, - addr_type, - gss_addr->value, - &sa, - &sa_size, - port); - if (problem) - return GSS_S_FAILURE; - - problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address); - - return problem; -} diff --git a/crypto/heimdal/lib/gssapi/canonicalize_name.c b/crypto/heimdal/lib/gssapi/canonicalize_name.c deleted file mode 100644 index afa39f3a4f96..000000000000 --- a/crypto/heimdal/lib/gssapi/canonicalize_name.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $"); - -OM_uint32 gss_canonicalize_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - const gss_OID mech_type, - gss_name_t * output_name - ) -{ - return gss_duplicate_name (minor_status, input_name, output_name); -} diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c deleted file mode 100644 index 5926b158b73a..000000000000 --- a/crypto/heimdal/lib/gssapi/compare_name.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: compare_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $"); - -OM_uint32 gss_compare_name - (OM_uint32 * minor_status, - const gss_name_t name1, - const gss_name_t name2, - int * name_equal - ) -{ - gssapi_krb5_init (); - *name_equal = krb5_principal_compare (gssapi_krb5_context, - name1, name2); - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c deleted file mode 100644 index f933f9e24e73..000000000000 --- a/crypto/heimdal/lib/gssapi/context_time.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: context_time.c,v 1.5 2001/05/11 09:16:45 assar Exp $"); - -OM_uint32 gss_context_time - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - OM_uint32 * time_rec - ) -{ - OM_uint32 lifetime; - OM_uint32 ret; - krb5_error_code kret; - krb5_timestamp timeret; - - gssapi_krb5_init(); - - ret = gss_inquire_context(minor_status, context_handle, - NULL, NULL, &lifetime, NULL, NULL, NULL, NULL); - if (ret) { - return ret; - } - - kret = krb5_timeofday(gssapi_krb5_context, &timeret); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - - *time_rec = lifetime - timeret; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c deleted file mode 100644 index a6f53dfb5753..000000000000 --- a/crypto/heimdal/lib/gssapi/copy_ccache.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: copy_ccache.c,v 1.2 2001/05/11 09:16:45 assar Exp $"); - -OM_uint32 -gss_krb5_copy_ccache(OM_uint32 *minor, - gss_cred_id_t cred, - krb5_ccache out) -{ - krb5_error_code kret; - - if (cred->ccache == NULL) { - *minor = EINVAL; - return GSS_S_FAILURE; - } - - kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); - if (kret) { - *minor = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c deleted file mode 100644 index de71749f0533..000000000000 --- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: create_emtpy_oid_set.c,v 1.4 2001/02/18 03:39:08 assar Exp $"); - -OM_uint32 gss_create_empty_oid_set ( - OM_uint32 * minor_status, - gss_OID_set * oid_set - ) -{ - *oid_set = malloc(sizeof(**oid_set)); - if (*oid_set == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*oid_set)->count = 0; - (*oid_set)->elements = NULL; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c deleted file mode 100644 index 29c1f5bbf8ae..000000000000 --- a/crypto/heimdal/lib/gssapi/decapsulate.c +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: decapsulate.c,v 1.7 2001/08/23 04:35:54 assar Exp $"); - -OM_uint32 -gssapi_krb5_verify_header(u_char **str, - size_t total_len, - char *type) -{ - size_t len, len_len, mech_len, foo; - int e; - u_char *p = *str; - - if (total_len < 1) - return GSS_S_DEFECTIVE_TOKEN; - if (*p++ != 0x60) - return GSS_S_DEFECTIVE_TOKEN; - e = der_get_length (p, total_len - 1, &len, &len_len); - if (e || 1 + len_len + len != total_len) - return GSS_S_DEFECTIVE_TOKEN; - p += len_len; - if (*p++ != 0x06) - return GSS_S_DEFECTIVE_TOKEN; - e = der_get_length (p, total_len - 1 - len_len - 1, - &mech_len, &foo); - if (e) - return GSS_S_DEFECTIVE_TOKEN; - p += foo; - if (mech_len != GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_MECH; - if (memcmp(p, - GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length) != 0) - return GSS_S_BAD_MECH; - p += mech_len; - if (memcmp (p, type, 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - *str = p; - return GSS_S_COMPLETE; -} - -/* - * Remove the GSS-API wrapping from `in_token' giving `out_data. - * Does not copy data, so just free `in_token'. - */ - -OM_uint32 -gssapi_krb5_decapsulate( - OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - char *type -) -{ - u_char *p; - OM_uint32 ret; - - p = input_token_buffer->value; - ret = gssapi_krb5_verify_header(&p, - input_token_buffer->length, - type); - if (ret) { - *minor_status = 0; - return ret; - } - - out_data->length = input_token_buffer->length - - (p - (u_char *)input_token_buffer->value); - out_data->data = p; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c deleted file mode 100644 index 06f44e383b07..000000000000 --- a/crypto/heimdal/lib/gssapi/delete_sec_context.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: delete_sec_context.c,v 1.9 2001/05/10 15:23:04 assar Exp $"); - -OM_uint32 gss_delete_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t output_token - ) -{ - gssapi_krb5_init (); - - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } - - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - if ((*context_handle)->ticket) { - krb5_free_ticket (gssapi_krb5_context, - (*context_handle)->ticket); - free((*context_handle)->ticket); - } - - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c deleted file mode 100644 index 1c25e6790f61..000000000000 --- a/crypto/heimdal/lib/gssapi/display_name.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: display_name.c,v 1.7 2001/05/11 09:16:46 assar Exp $"); - -OM_uint32 gss_display_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t output_name_buffer, - gss_OID * output_name_type - ) -{ - krb5_error_code kret; - char *buf; - size_t len; - - gssapi_krb5_init (); - kret = krb5_unparse_name (gssapi_krb5_context, - input_name, - &buf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - len = strlen (buf); - output_name_buffer->length = len; - output_name_buffer->value = malloc(len + 1); - if (output_name_buffer->value == NULL) { - free (buf); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (output_name_buffer->value, buf, len); - ((char *)output_name_buffer->value)[len] = '\0'; - free (buf); - if (output_name_type) - *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c deleted file mode 100644 index fc1451dd6691..000000000000 --- a/crypto/heimdal/lib/gssapi/display_status.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: display_status.c,v 1.7 2001/08/23 04:34:41 assar Exp $"); - -static char *krb5_error_string; - -static char * -calling_error(OM_uint32 v) -{ - static char *msgs[] = { - NULL, /* 0 */ - "A required input parameter could not be read.", /* */ - "A required output parameter could not be written.", /* */ - "A parameter was malformed" - }; - - v >>= GSS_C_CALLING_ERROR_OFFSET; - - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown calling error"; - else - return msgs[v]; -} - -static char * -routine_error(OM_uint32 v) -{ - static char *msgs[] = { - NULL, /* 0 */ - "An unsupported mechanism was requested", - "An invalid name was supplied", - "A supplied name was of an unsupported type", - "Incorrect channel bindings were supplied", - "An invalid status code was supplied", - "A token had an invalid MIC", - "No credentials were supplied, " - "or the credentials were unavailable or inaccessible.", - "No context has been established", - "A token was invalid", - "A credential was invalid", - "The referenced credentials have expired", - "The context has expired", - "Miscellaneous failure (see text)", - "The quality-of-protection requested could not be provide", - "The operation is forbidden by local security policy", - "The operation or option is not available", - "The requested credential element already exists", - "The provided name was not a mechanism name.", - }; - - v >>= GSS_C_ROUTINE_ERROR_OFFSET; - - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown routine error"; - else - return msgs[v]; -} - -void -gssapi_krb5_set_error_string (void) -{ - krb5_error_string = krb5_get_error_string(gssapi_krb5_context); -} - -char * -gssapi_krb5_get_error_string (void) -{ - char *ret = krb5_error_string; - krb5_error_string = NULL; - return ret; -} - -OM_uint32 gss_display_status - (OM_uint32 *minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 *message_context, - gss_buffer_t status_string) -{ - char *buf; - - gssapi_krb5_init (); - - *minor_status = 0; - - if (mech_type != GSS_C_NO_OID && - mech_type != GSS_KRB5_MECHANISM) - return GSS_S_BAD_MECH; - - if (status_type == GSS_C_GSS_CODE) { - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); - } else if (status_type == GSS_C_MECH_CODE) { - buf = gssapi_krb5_get_error_string (); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (gssapi_krb5_context, - status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", - (unsigned)status_value); - else - buf = strdup(tmp); - } - } else - return GSS_S_BAD_STATUS; - - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *message_context = 0; - - status_string->length = strlen(buf); - status_string->value = buf; - - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c deleted file mode 100644 index b0ecdf2990ba..000000000000 --- a/crypto/heimdal/lib/gssapi/duplicate_name.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: duplicate_name.c,v 1.5 2001/05/11 09:16:46 assar Exp $"); - -OM_uint32 gss_duplicate_name ( - OM_uint32 * minor_status, - const gss_name_t src_name, - gss_name_t * dest_name - ) -{ - krb5_error_code kret; - - gssapi_krb5_init (); - - kret = krb5_copy_principal (gssapi_krb5_context, - src_name, - dest_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } else { - return GSS_S_COMPLETE; - } -} diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c deleted file mode 100644 index e7c67504e4e2..000000000000 --- a/crypto/heimdal/lib/gssapi/encapsulate.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: encapsulate.c,v 1.6 2001/08/23 04:35:54 assar Exp $"); - -void -gssapi_krb5_encap_length (size_t data_len, - size_t *len, - size_t *total_len) -{ - size_t len_len; - - *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len; - - len_len = length_len(*len); - - *total_len = 1 + len_len + *len; -} - -u_char * -gssapi_krb5_make_header (u_char *p, - size_t len, - u_char *type) -{ - int e; - size_t len_len, foo; - - *p++ = 0x60; - len_len = length_len(len); - e = der_put_length (p + len_len - 1, len_len, len, &foo); - if(e || foo != len_len) - abort (); - p += len_len; - *p++ = 0x06; - *p++ = GSS_KRB5_MECHANISM->length; - memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); - p += GSS_KRB5_MECHANISM->length; - memcpy (p, type, 2); - p += 2; - return p; -} - -/* - * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings. - */ - -OM_uint32 -gssapi_krb5_encapsulate( - OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - u_char *type -) -{ - size_t len, outer_len; - u_char *p; - - gssapi_krb5_encap_length (in_data->length, &len, &outer_len); - - output_token->length = outer_len; - output_token->value = malloc (outer_len); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header (output_token->value, len, type); - memcpy (p, in_data->data, in_data->length); - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c deleted file mode 100644 index efbd9c4eaf91..000000000000 --- a/crypto/heimdal/lib/gssapi/export_name.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: export_name.c,v 1.4 1999/12/02 17:05:03 joda Exp $"); - -OM_uint32 gss_export_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t exported_name - ) -{ - return gss_display_name(minor_status, - input_name, - exported_name, - NULL); -} diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c deleted file mode 100644 index 30c5a11c4f38..000000000000 --- a/crypto/heimdal/lib/gssapi/export_sec_context.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: export_sec_context.c,v 1.4 2001/02/18 03:39:09 assar Exp $"); - -OM_uint32 -gss_export_sec_context ( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t interprocess_token - ) -{ - krb5_storage *sp; - krb5_auth_context ac; - OM_uint32 ret = GSS_S_COMPLETE; - krb5_data data; - gss_buffer_desc buffer; - int flags; - OM_uint32 minor; - krb5_error_code kret; - - gssapi_krb5_init (); - if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) - return GSS_S_UNAVAILABLE; - - sp = krb5_storage_emem (); - if (sp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ac = (*context_handle)->auth_context; - - /* flagging included fields */ - - flags = 0; - if (ac->local_address) - flags |= SC_LOCAL_ADDRESS; - if (ac->remote_address) - flags |= SC_REMOTE_ADDRESS; - if (ac->keyblock) - flags |= SC_KEYBLOCK; - if (ac->local_subkey) - flags |= SC_LOCAL_SUBKEY; - if (ac->remote_subkey) - flags |= SC_REMOTE_SUBKEY; - - kret = krb5_store_int32 (sp, flags); - if (kret) { - *minor_status = kret; - goto failure; - } - - /* marshall auth context */ - - kret = krb5_store_int32 (sp, ac->flags); - if (kret) { - *minor_status = kret; - goto failure; - } - if (ac->local_address) { - kret = krb5_store_address (sp, *ac->local_address); - if (kret) { - *minor_status = kret; - goto failure; - } - } - if (ac->remote_address) { - kret = krb5_store_address (sp, *ac->remote_address); - if (kret) { - *minor_status = kret; - goto failure; - } - } - kret = krb5_store_int16 (sp, ac->local_port); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int16 (sp, ac->remote_port); - if (kret) { - *minor_status = kret; - goto failure; - } - if (ac->keyblock) { - kret = krb5_store_keyblock (sp, *ac->keyblock); - if (kret) { - *minor_status = kret; - goto failure; - } - } - if (ac->local_subkey) { - kret = krb5_store_keyblock (sp, *ac->local_subkey); - if (kret) { - *minor_status = kret; - goto failure; - } - } - if (ac->remote_subkey) { - kret = krb5_store_keyblock (sp, *ac->remote_subkey); - if (kret) { - *minor_status = kret; - goto failure; - } - } - kret = krb5_store_int32 (sp, ac->local_seqnumber); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, ac->remote_seqnumber); - if (kret) { - *minor_status = kret; - goto failure; - } - -#if 0 - { - size_t sz; - unsigned char auth_buf[1024]; - - ret = encode_Authenticator (auth_buf, sizeof(auth_buf), - ac->authenticator, &sz); - if (ret) { - krb5_storage_free (sp); - *minor_status = ret; - return GSS_S_FAILURE; - } - data.data = auth_buf; - data.length = sz; - kret = krb5_store_data (sp, data); - if (kret) { - *minor_status = kret; - goto failure; - } - } -#endif - kret = krb5_store_int32 (sp, ac->keytype); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, ac->cksumtype); - if (kret) { - *minor_status = kret; - goto failure; - } - - /* names */ - - ret = gss_export_name (minor_status, (*context_handle)->source, &buffer); - if (ret) - goto failure; - data.data = buffer.value; - data.length = buffer.length; - kret = krb5_store_data (sp, data); - gss_release_buffer (&minor, &buffer); - if (kret) { - *minor_status = kret; - goto failure; - } - - ret = gss_export_name (minor_status, (*context_handle)->target, &buffer); - if (ret) - goto failure; - data.data = buffer.value; - data.length = buffer.length; - kret = krb5_store_data (sp, data); - gss_release_buffer (&minor, &buffer); - if (kret) { - *minor_status = kret; - goto failure; - } - - kret = krb5_store_int32 (sp, (*context_handle)->flags); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, (*context_handle)->more_flags); - if (kret) { - *minor_status = kret; - goto failure; - } - - kret = krb5_storage_to_data (sp, &data); - krb5_storage_free (sp); - if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; - } - interprocess_token->length = data.length; - interprocess_token->value = data.data; - ret = gss_delete_sec_context (minor_status, context_handle, - GSS_C_NO_BUFFER); - if (ret != GSS_S_COMPLETE) - gss_release_buffer (NULL, interprocess_token); - return ret; - failure: - krb5_storage_free (sp); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/external.c b/crypto/heimdal/lib/gssapi/external.c deleted file mode 100644 index dca35ea94318..000000000000 --- a/crypto/heimdal/lib/gssapi/external.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $"); - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x01"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_user_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x01"}; - -gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x02"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x02"}; - -gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x03"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x03"}; - -gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, - * corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2)). The constant - * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point - * to that gss_OID_desc. This is a deprecated OID value, and - * implementations wishing to support hostbased-service names - * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, - * defined below, to identify such names; - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSS-API - * implementations - */ - -static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x06\x02"}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x04"}, corresponding to an - * object-identifier value of {iso(1) member-body(2) - * Unites States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized - * to point to that gss_OID_desc. - */ -static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, - * corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_anonymous_oid_desc = -{6, (void *)"\x2b\x06\01\x05\x06\x03"}; - -gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, - * corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant - * GSS_C_NT_EXPORT_NAME should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_export_name_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x06\x04"}; - -gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) krb5_name(1)}. The recommended symbolic name for this type - * is "GSS_KRB5_NT_PRINCIPAL_NAME". - */ - -static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"}; - -gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". - */ - -gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * To support ongoing experimentation, testing, and evolution of the - * specification, the Kerberos V5 GSS-API mechanism as defined in this - * and any successor memos will be identified with the following Object - * Identifier, as defined in RFC-1510, until the specification is - * advanced to the level of Proposed Standard RFC: - * - * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} - * - * Upon advancement to the level of Proposed Standard RFC, the Kerberos - * V5 GSS-API mechanism will be identified by an Object Identifier - * having the value: - * - * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) - * gssapi(2) krb5(2)} - */ - -#if 0 /* This is the old OID */ - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{5, (void *)"\x2b\x05\x01\x05\x02"}; - -#endif - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; - -gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; - -/* - * Context for krb5 calls. - */ - -krb5_context gssapi_krb5_context; diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c deleted file mode 100644 index 720a2ff9cdcd..000000000000 --- a/crypto/heimdal/lib/gssapi/get_mic.c +++ /dev/null @@ -1,283 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: get_mic.c,v 1.19 2001/10/31 13:37:39 nectar Exp $"); - -static OM_uint32 -mic_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16]; - des_key_schedule schedule; - des_cblock deskey; - des_cblock zero; - int32_t seq_number; - size_t len, total_len; - - gssapi_krb5_encap_length (22, &len, &total_len); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(message_token->value, - len, - "\x01\x01"); /* TOK_ID */ - - memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ - p += 2; - - memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */ - p += 4; - - /* Fill in later (SND-SEQ) */ - memset (p, 0, 16); - p += 16; - - /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, message_buffer->length); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - memcpy (p - 8, hash, 8); /* SGN_CKSUM */ - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - p -= 16; /* SND_SEQ */ - p[0] = (seq_number >> 0) & 0xFF; - p[1] = (seq_number >> 8) & 0xFF; - p[2] = (seq_number >> 16) & 0xFF; - p[3] = (seq_number >> 24) & 0xFF; - memset (p + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - - return GSS_S_COMPLETE; -} - -static OM_uint32 -mic_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key - ) -{ - u_char *p; - Checksum cksum; - u_char seq[8]; - - int32_t seq_number; - size_t len, total_len; - - krb5_crypto crypto; - krb5_error_code kret; - krb5_data encdata; - char *tmp; - - gssapi_krb5_encap_length (36, &len, &total_len); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(message_token->value, - len, - "\x01\x01"); /* TOK-ID */ - - memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */ - p += 2; - - memcpy (p, "\xff\xff\xff\xff", 4); /* filler */ - p += 4; - - /* this should be done in parts */ - - tmp = malloc (message_buffer->length + 8); - if (tmp == NULL) { - free (message_token->value); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, p - 8, 8); - memcpy (tmp + 8, message_buffer->value, message_buffer->length); - - kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (kret) { - free (message_token->value); - free (tmp); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_create_checksum (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SIGN, - 0, - tmp, - message_buffer->length + 8, - &cksum); - free (tmp); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (kret) { - free (message_token->value); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - kret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (kret) { - free (message_token->value); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (kret) { - free (message_token->value); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - assert (encdata.length == 8); - - memcpy (p, encdata.data, encdata.length); - krb5_data_free (&encdata); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - free_Checksum (&cksum); - return GSS_S_COMPLETE; -} - -OM_uint32 gss_get_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_localkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = mic_des (minor_status, context_handle, qop_req, - message_buffer, message_token, key); - break; - case KEYTYPE_DES3 : - ret = mic_des3 (minor_status, context_handle, qop_req, - message_buffer, message_token, key); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h deleted file mode 100644 index 82d4056888ff..000000000000 --- a/crypto/heimdal/lib/gssapi/gssapi.h +++ /dev/null @@ -1,773 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: gssapi.h,v 1.21 2001/05/04 13:52:02 assar Exp $ */ - -#ifndef GSSAPI_H_ -#define GSSAPI_H_ - -/* - * First, include stddef.h to get size_t defined. - */ -#include <stddef.h> - -#include <krb5-types.h> - -/* - * Now define the three implementation-dependent types. - */ - -typedef u_int32_t OM_uint32; - -typedef u_int32_t gss_uint32; - -/* - * This is to avoid having to include <krb5.h> - */ - -struct krb5_auth_context_data; - -struct Principal; - -/* typedef void *gss_name_t; */ - -typedef struct Principal *gss_name_t; - -typedef struct gss_ctx_id_t_desc_struct { - struct krb5_auth_context_data *auth_context; - gss_name_t source, target; - OM_uint32 flags; - enum { LOCAL = 1, OPEN = 2} more_flags; - struct krb5_ticket *ticket; -} gss_ctx_id_t_desc; - -typedef gss_ctx_id_t_desc *gss_ctx_id_t; - -typedef struct gss_OID_desc_struct { - OM_uint32 length; - void *elements; -} gss_OID_desc, *gss_OID; - -typedef struct gss_OID_set_desc_struct { - size_t count; - gss_OID elements; -} gss_OID_set_desc, *gss_OID_set; - -struct krb5_keytab_data; - -struct krb5_ccache_data; - -typedef int gss_cred_usage_t; - -typedef struct gss_cred_id_t_desc_struct { - gss_name_t principal; - struct krb5_keytab_data *keytab; - OM_uint32 lifetime; - gss_cred_usage_t usage; - gss_OID_set mechanisms; - struct krb5_ccache_data *ccache; -} gss_cred_id_t_desc; - -typedef gss_cred_id_t_desc *gss_cred_id_t; - -typedef struct gss_buffer_desc_struct { - size_t length; - void *value; -} gss_buffer_desc, *gss_buffer_t; - -typedef struct gss_channel_bindings_struct { - OM_uint32 initiator_addrtype; - gss_buffer_desc initiator_address; - OM_uint32 acceptor_addrtype; - gss_buffer_desc acceptor_address; - gss_buffer_desc application_data; -} *gss_channel_bindings_t; - -/* - * For now, define a QOP-type as an OM_uint32 - */ -typedef OM_uint32 gss_qop_t; - -/* - * Flag bits for context-level services. - */ -#define GSS_C_DELEG_FLAG 1 -#define GSS_C_MUTUAL_FLAG 2 -#define GSS_C_REPLAY_FLAG 4 -#define GSS_C_SEQUENCE_FLAG 8 -#define GSS_C_CONF_FLAG 16 -#define GSS_C_INTEG_FLAG 32 -#define GSS_C_ANON_FLAG 64 -#define GSS_C_PROT_READY_FLAG 128 -#define GSS_C_TRANS_FLAG 256 - -/* - * Credential usage options - */ -#define GSS_C_BOTH 0 -#define GSS_C_INITIATE 1 -#define GSS_C_ACCEPT 2 - -/* - * Status code types for gss_display_status - */ -#define GSS_C_GSS_CODE 1 -#define GSS_C_MECH_CODE 2 - -/* - * The constant definitions for channel-bindings address families - */ -#define GSS_C_AF_UNSPEC 0 -#define GSS_C_AF_LOCAL 1 -#define GSS_C_AF_INET 2 -#define GSS_C_AF_IMPLINK 3 -#define GSS_C_AF_PUP 4 -#define GSS_C_AF_CHAOS 5 -#define GSS_C_AF_NS 6 -#define GSS_C_AF_NBS 7 -#define GSS_C_AF_ECMA 8 -#define GSS_C_AF_DATAKIT 9 -#define GSS_C_AF_CCITT 10 -#define GSS_C_AF_SNA 11 -#define GSS_C_AF_DECnet 12 -#define GSS_C_AF_DLI 13 -#define GSS_C_AF_LAT 14 -#define GSS_C_AF_HYLINK 15 -#define GSS_C_AF_APPLETALK 16 -#define GSS_C_AF_BSC 17 -#define GSS_C_AF_DSS 18 -#define GSS_C_AF_OSI 19 -#define GSS_C_AF_X25 21 -#define GSS_C_AF_INET6 24 - -#define GSS_C_AF_NULLADDR 255 - -/* - * Various Null values - */ -#define GSS_C_NO_NAME ((gss_name_t) 0) -#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) -#define GSS_C_NO_OID ((gss_OID) 0) -#define GSS_C_NO_OID_SET ((gss_OID_set) 0) -#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) -#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) -#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) -#define GSS_C_EMPTY_BUFFER {0, NULL} - -/* - * Some alternate names for a couple of the above - * values. These are defined for V1 compatibility. - */ -#define GSS_C_NULL_OID GSS_C_NO_OID -#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET - -/* - * Define the default Quality of Protection for per-message - * services. Note that an implementation that offers multiple - * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero - * (as done here) to mean "default protection", or to a specific - * explicit QOP value. However, a value of 0 should always be - * interpreted by a GSSAPI implementation as a request for the - * default protection level. - */ -#define GSS_C_QOP_DEFAULT 0 - -#define GSS_KRB5_CONF_C_QOP_DES 0x0100 -#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 - -/* - * Expiration time of 2^32-1 seconds means infinite lifetime for a - * credential or security context - */ -#define GSS_C_INDEFINITE 0xfffffffful - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x01"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_USER_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x02"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_MACHINE_UID_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x03"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_STRING_UID_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, - * corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2)). The constant - * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point - * to that gss_OID_desc. This is a deprecated OID value, and - * implementations wishing to support hostbased-service names - * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, - * defined below, to identify such names; - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSS-API - * implementations - */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x04"}, corresponding to an - * object-identifier value of {iso(1) member-body(2) - * Unites States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized - * to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, - * corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_ANONYMOUS; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, - * corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant - * GSS_C_NT_EXPORT_NAME should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_EXPORT_NAME; - -/* - * This if for kerberos5 names. - */ - -extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; -extern gss_OID GSS_KRB5_NT_USER_NAME; -extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; -extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; - -extern gss_OID GSS_KRB5_MECHANISM; - -/* for compatibility with MIT api */ - -#define gss_mech_krb5 GSS_KRB5_MECHANISM - -/* Major status codes */ - -#define GSS_S_COMPLETE 0 - -/* - * Some "helper" definitions to make the status code macros obvious. - */ -#define GSS_C_CALLING_ERROR_OFFSET 24 -#define GSS_C_ROUTINE_ERROR_OFFSET 16 -#define GSS_C_SUPPLEMENTARY_OFFSET 0 -#define GSS_C_CALLING_ERROR_MASK 0377ul -#define GSS_C_ROUTINE_ERROR_MASK 0377ul -#define GSS_C_SUPPLEMENTARY_MASK 0177777ul - -/* - * The macros that test status codes for error conditions. - * Note that the GSS_ERROR() macro has changed slightly from - * the V1 GSSAPI so that it now evaluates its argument - * only once. - */ -#define GSS_CALLING_ERROR(x) \ - (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) -#define GSS_ROUTINE_ERROR(x) \ - (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) -#define GSS_SUPPLEMENTARY_INFO(x) \ - (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) -#define GSS_ERROR(x) \ - (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ - (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) - -/* - * Now the actual status code definitions - */ - -/* - * Calling errors: - */ -#define GSS_S_CALL_INACCESSIBLE_READ \ - (1ul << GSS_C_CALLING_ERROR_OFFSET) -#define GSS_S_CALL_INACCESSIBLE_WRITE \ - (2ul << GSS_C_CALLING_ERROR_OFFSET) -#define GSS_S_CALL_BAD_STRUCTURE \ - (3ul << GSS_C_CALLING_ERROR_OFFSET) - -/* - * Routine errors: - */ -#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) - -#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_MIC GSS_S_BAD_SIG -#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) - -/* - * Supplementary info bits: - */ -#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) -#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) -#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) -#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) -#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) - -/* - * From RFC1964: - * - * 4.1.1. Non-Kerberos-specific codes - */ - -#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 - /* "No @ in SERVICE-NAME name string" */ -#define GSS_KRB5_S_G_BAD_STRING_UID 2 - /* "STRING-UID-NAME contains nondigits" */ -#define GSS_KRB5_S_G_NOUSER 3 - /* "UID does not resolve to username" */ -#define GSS_KRB5_S_G_VALIDATE_FAILED 4 - /* "Validation error" */ -#define GSS_KRB5_S_G_BUFFER_ALLOC 5 - /* "Couldn't allocate gss_buffer_t data" */ -#define GSS_KRB5_S_G_BAD_MSG_CTX 6 - /* "Message context invalid" */ -#define GSS_KRB5_S_G_WRONG_SIZE 7 - /* "Buffer is the wrong size" */ -#define GSS_KRB5_S_G_BAD_USAGE 8 - /* "Credential usage type is unknown" */ -#define GSS_KRB5_S_G_UNKNOWN_QOP 9 - /* "Unknown quality of protection specified" */ - - /* - * 4.1.2. Kerberos-specific-codes - */ - -#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 - /* "Principal in credential cache does not match desired name" */ -#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 - /* "No principal in keytab matches desired name" */ -#define GSS_KRB5_S_KG_TGT_MISSING 12 - /* "Credential cache has no TGT" */ -#define GSS_KRB5_S_KG_NO_SUBKEY 13 - /* "Authenticator has no subkey" */ -#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 - /* "Context is already fully established" */ -#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 - /* "Unknown signature type in token" */ -#define GSS_KRB5_S_KG_BAD_LENGTH 16 - /* "Invalid field length in token" */ -#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 - /* "Attempt to use incomplete security context" */ - -/* - * Finally, function prototypes for the GSS-API routines. - */ - -OM_uint32 gss_acquire_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ); - -OM_uint32 gss_release_cred - (OM_uint32 * minor_status, - gss_cred_id_t * cred_handle - ); - -OM_uint32 gss_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ); - -OM_uint32 gss_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle - ); - -OM_uint32 gss_process_context_token - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t token_buffer - ); - -OM_uint32 gss_delete_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t output_token - ); - -OM_uint32 gss_context_time - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - OM_uint32 * time_rec - ); - -OM_uint32 gss_get_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token - ); - -OM_uint32 gss_verify_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state - ); - -OM_uint32 gss_wrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ); - -OM_uint32 gss_unwrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state - ); - -OM_uint32 gss_display_status - (OM_uint32 * minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 * message_context, - gss_buffer_t status_string - ); - -OM_uint32 gss_indicate_mechs - (OM_uint32 * minor_status, - gss_OID_set * mech_set - ); - -OM_uint32 gss_compare_name - (OM_uint32 * minor_status, - const gss_name_t name1, - const gss_name_t name2, - int * name_equal - ); - -OM_uint32 gss_display_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t output_name_buffer, - gss_OID * output_name_type - ); - -OM_uint32 gss_import_name - (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, - gss_name_t * output_name - ); - -OM_uint32 gss_export_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t exported_name - ); - -OM_uint32 gss_release_name - (OM_uint32 * minor_status, - gss_name_t * input_name - ); - -OM_uint32 gss_release_buffer - (OM_uint32 * minor_status, - gss_buffer_t buffer - ); - -OM_uint32 gss_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set - ); - -OM_uint32 gss_inquire_cred - (OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - gss_name_t * name, - OM_uint32 * lifetime, - gss_cred_usage_t * cred_usage, - gss_OID_set * mechanisms - ); - -OM_uint32 gss_inquire_context ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_name_t * src_name, - gss_name_t * targ_name, - OM_uint32 * lifetime_rec, - gss_OID * mech_type, - OM_uint32 * ctx_flags, - int * locally_initiated, - int * open - ); - -OM_uint32 gss_wrap_size_limit ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 * max_input_size - ); - -OM_uint32 gss_add_cred ( - OM_uint32 * minor_status, - const gss_cred_id_t input_cred_handle, - const gss_name_t desired_name, - const gss_OID desired_mech, - gss_cred_usage_t cred_usage, - OM_uint32 initiator_time_req, - OM_uint32 acceptor_time_req, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * initiator_time_rec, - OM_uint32 * acceptor_time_rec - ); - -OM_uint32 gss_inquire_cred_by_mech ( - OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - const gss_OID mech_type, - gss_name_t * name, - OM_uint32 * initiator_lifetime, - OM_uint32 * acceptor_lifetime, - gss_cred_usage_t * cred_usage - ); - -OM_uint32 gss_export_sec_context ( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t interprocess_token - ); - -OM_uint32 gss_import_sec_context ( - OM_uint32 * minor_status, - const gss_buffer_t interprocess_token, - gss_ctx_id_t * context_handle - ); - -OM_uint32 gss_create_empty_oid_set ( - OM_uint32 * minor_status, - gss_OID_set * oid_set - ); - -OM_uint32 gss_add_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member_oid, - gss_OID_set * oid_set - ); - -OM_uint32 gss_test_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present - ); - -OM_uint32 gss_inquire_names_for_mech ( - OM_uint32 * minor_status, - const gss_OID mechanism, - gss_OID_set * name_types - ); - -OM_uint32 gss_inquire_mechs_for_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - gss_OID_set * mech_types - ); - -OM_uint32 gss_canonicalize_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - const gss_OID mech_type, - gss_name_t * output_name - ); - -OM_uint32 gss_duplicate_name ( - OM_uint32 * minor_status, - const gss_name_t src_name, - gss_name_t * dest_name - ); - -/* - * The following routines are obsolete variants of gss_get_mic, - * gss_verify_mic, gss_wrap and gss_unwrap. They should be - * provided by GSSAPI V2 implementations for backwards - * compatibility with V1 applications. Distinct entrypoints - * (as opposed to #defines) should be provided, both to allow - * GSSAPI V1 applications to link against GSSAPI V2 implementations, - * and to retain the slight parameter type differences between the - * obsolete versions of these routines and their current forms. - */ - -OM_uint32 gss_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token - ); - -OM_uint32 gss_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state - ); - -OM_uint32 gss_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ); - -OM_uint32 gss_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state - ); - -/* - * kerberos mechanism specific functions - */ - -OM_uint32 gsskrb5_register_acceptor_identity - (char *identity); - -OM_uint32 gss_krb5_copy_ccache - (OM_uint32 *minor, - gss_cred_id_t cred, - struct krb5_ccache_data *out); - -#endif /* GSSAPI_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h deleted file mode 100644 index 65bd2732f098..000000000000 --- a/crypto/heimdal/lib/gssapi/gssapi_locl.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: gssapi_locl.h,v 1.21 2001/08/29 02:21:09 assar Exp $ */ - -#ifndef GSSAPI_LOCL_H -#define GSSAPI_LOCL_H - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include <krb5_locl.h> -#include <gssapi.h> -#include <assert.h> - -extern krb5_context gssapi_krb5_context; - -extern krb5_keytab gssapi_krb5_keytab; - -krb5_error_code gssapi_krb5_init (void); - -OM_uint32 -gssapi_krb5_create_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - OM_uint32 flags, - const krb5_data *fwd_data, - Checksum *result); - -OM_uint32 -gssapi_krb5_verify_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - const Checksum *cksum, - OM_uint32 *flags, - krb5_data *fwd_data); - -OM_uint32 -gssapi_krb5_encapsulate( - OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - u_char *type); - -OM_uint32 -gssapi_krb5_decapsulate( - OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - char *type); - -void -gssapi_krb5_encap_length (size_t data_len, - size_t *len, - size_t *total_len); - -u_char * -gssapi_krb5_make_header (u_char *p, - size_t len, - u_char *type); - -OM_uint32 -gssapi_krb5_verify_header(u_char **str, - size_t total_len, - char *type); - -OM_uint32 -gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key); - -OM_uint32 -gss_krb5_get_localkey(const gss_ctx_id_t context_handle, - krb5_keyblock **key); - -krb5_error_code -gss_address_to_krb5addr(OM_uint32 gss_addr_type, - gss_buffer_desc *gss_addr, - int16_t port, - krb5_address *address); - -/* sec_context flags */ - -#define SC_LOCAL_ADDRESS 0x01 -#define SC_REMOTE_ADDRESS 0x02 -#define SC_KEYBLOCK 0x04 -#define SC_LOCAL_SUBKEY 0x08 -#define SC_REMOTE_SUBKEY 0x10 - -void -gssapi_krb5_set_error_string (void); - -char * -gssapi_krb5_get_error_string (void); - -#endif diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c deleted file mode 100644 index 2f2ec1ad0705..000000000000 --- a/crypto/heimdal/lib/gssapi/import_name.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: import_name.c,v 1.11 2002/06/20 20:05:42 nectar Exp $"); - -static OM_uint32 -import_krb5_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - krb5_error_code kerr; - char *tmp; - - tmp = malloc (input_name_buffer->length + 1); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, - input_name_buffer->value, - input_name_buffer->length); - tmp[input_name_buffer->length] = '\0'; - - kerr = krb5_parse_name (gssapi_krb5_context, - tmp, - output_name); - free (tmp); - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } -} - -static OM_uint32 -import_hostbased_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - krb5_error_code kerr; - char *tmp; - char *p; - char *host; - char local_hostname[MAXHOSTNAMELEN]; - - tmp = malloc (input_name_buffer->length + 1); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, - input_name_buffer->value, - input_name_buffer->length); - tmp[input_name_buffer->length] = '\0'; - - p = strchr (tmp, '@'); - if (p != NULL) { - *p = '\0'; - host = p + 1; - } else { - if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { - *minor_status = errno; - free (tmp); - return GSS_S_FAILURE; - } - host = local_hostname; - } - - kerr = krb5_sname_to_principal (gssapi_krb5_context, - host, - tmp, - KRB5_NT_SRV_HST, - output_name); - free (tmp); - *minor_status = kerr; - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } -} - -static int -oid_equal(const gss_OID a, const gss_OID b) -{ - if (a == b) - return 1; - else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length) - return 0; - else - return memcmp(a->elements, b->elements, a->length) == 0; -} - -OM_uint32 gss_import_name - (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, - gss_name_t * output_name - ) -{ - gssapi_krb5_init (); - - if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) - return import_hostbased_name (minor_status, - input_name_buffer, - output_name); - else if (input_name_type == GSS_C_NO_OID - || oid_equal(input_name_type, GSS_C_NT_USER_NAME) - || oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) - /* default printable syntax */ - return import_krb5_name (minor_status, - input_name_buffer, - output_name); - else { - *minor_status = 0; - return GSS_S_BAD_NAMETYPE; - } -} diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c deleted file mode 100644 index c84f3b6541ef..000000000000 --- a/crypto/heimdal/lib/gssapi/import_sec_context.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: import_sec_context.c,v 1.5 2001/05/11 09:16:46 assar Exp $"); - -OM_uint32 -gss_import_sec_context ( - OM_uint32 * minor_status, - const gss_buffer_t interprocess_token, - gss_ctx_id_t * context_handle - ) -{ - OM_uint32 ret = GSS_S_FAILURE; - krb5_error_code kret; - krb5_storage *sp; - krb5_auth_context ac; - krb5_address local, remote; - krb5_address *localp, *remotep; - krb5_data data; - gss_buffer_desc buffer; - krb5_keyblock keyblock; - int32_t tmp; - int32_t flags; - OM_uint32 minor; - - gssapi_krb5_init (); - - sp = krb5_storage_from_mem (interprocess_token->value, - interprocess_token->length); - if (sp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) { - *minor_status = ENOMEM; - krb5_storage_free (sp); - return GSS_S_FAILURE; - } - memset (*context_handle, 0, sizeof(**context_handle)); - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - /* flags */ - - krb5_ret_int32 (sp, &flags); - - /* retrieve the auth context */ - - ac = (*context_handle)->auth_context; - krb5_ret_int32 (sp, &ac->flags); - if (flags & SC_LOCAL_ADDRESS) - krb5_ret_address (sp, localp = &local); - else - localp = NULL; - if (flags & SC_REMOTE_ADDRESS) - krb5_ret_address (sp, remotep = &remote); - else - remotep = NULL; - krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep); - if (localp) - krb5_free_address (gssapi_krb5_context, localp); - if (remotep) - krb5_free_address (gssapi_krb5_context, remotep); - krb5_ret_int16 (sp, &ac->local_port); - krb5_ret_int16 (sp, &ac->remote_port); - if (flags & SC_KEYBLOCK) { - krb5_ret_keyblock (sp, &keyblock); - krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock); - krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); - } - if (flags & SC_LOCAL_SUBKEY) { - krb5_ret_keyblock (sp, &keyblock); - krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock); - krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); - } - if (flags & SC_REMOTE_SUBKEY) { - krb5_ret_keyblock (sp, &keyblock); - krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock); - krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); - } - krb5_ret_int32 (sp, &ac->local_seqnumber); - krb5_ret_int32 (sp, &ac->remote_seqnumber); - -#if 0 - { - size_t sz; - - krb5_ret_data (sp, &data); - ac->authenticator = malloc (sizeof (*ac->authenticator)); - if (ac->authenticator == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = decode_Authenticator (data.data, data.length, - ac->authenticator, &sz); - krb5_data_free (&data); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - } -#endif - - krb5_ret_int32 (sp, &tmp); - ac->keytype = tmp; - krb5_ret_int32 (sp, &tmp); - ac->cksumtype = tmp; - - /* names */ - - krb5_ret_data (sp, &data); - buffer.value = data.data; - buffer.length = data.length; - - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->source); - krb5_data_free (&data); - if (ret) - goto failure; - - krb5_ret_data (sp, &data); - buffer.value = data.data; - buffer.length = data.length; - - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->target); - krb5_data_free (&data); - if (ret) - goto failure; - - krb5_ret_int32 (sp, &tmp); - (*context_handle)->flags = tmp; - krb5_ret_int32 (sp, &tmp); - (*context_handle)->more_flags = tmp; - - return GSS_S_COMPLETE; - -failure: - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if ((*context_handle)->source != NULL) - gss_release_name(&minor, &(*context_handle)->source); - if ((*context_handle)->target != NULL) - gss_release_name(&minor, &(*context_handle)->target); - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c deleted file mode 100644 index c77d1774bd68..000000000000 --- a/crypto/heimdal/lib/gssapi/indicate_mechs.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: indicate_mechs.c,v 1.4 2001/02/18 03:39:09 assar Exp $"); - -OM_uint32 gss_indicate_mechs - (OM_uint32 * minor_status, - gss_OID_set * mech_set - ) -{ - *mech_set = malloc(sizeof(**mech_set)); - if (*mech_set == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*mech_set)->count = 1; - (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc)); - if ((*mech_set)->elements == NULL) { - free (*mech_set); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c deleted file mode 100644 index ddc0d7090a92..000000000000 --- a/crypto/heimdal/lib/gssapi/init.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $"); - -krb5_error_code -gssapi_krb5_init (void) -{ - if(gssapi_krb5_context == NULL) - return krb5_init_context (&gssapi_krb5_context); - return 0; -} diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c deleted file mode 100644 index 2cef3a963a10..000000000000 --- a/crypto/heimdal/lib/gssapi/init_sec_context.c +++ /dev/null @@ -1,536 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $"); - -/* - * copy the addresses from `input_chan_bindings' (if any) to - * the auth context `ac' - */ - -static OM_uint32 -set_addresses (krb5_auth_context ac, - const gss_channel_bindings_t input_chan_bindings) -{ - /* Port numbers are expected to be in application_data.value, - * initator's port first */ - - krb5_address initiator_addr, acceptor_addr; - krb5_error_code kret; - - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS - || input_chan_bindings->application_data.length != - 2 * sizeof(ac->local_port)) - return 0; - - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - - ac->local_port = - *(int16_t *) input_chan_bindings->application_data.value; - - ac->remote_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); - - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - ac->remote_port, - &acceptor_addr); - if (kret) - return kret; - - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - &input_chan_bindings->initiator_address, - ac->local_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - return kret; - } - - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - ac, - &initiator_addr, /* local address */ - &acceptor_addr); /* remote address */ - - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - -#if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; -#endif - - return kret; -} - -/* - * handle delegated creds in init-sec-context - */ - -static void -do_delegation (krb5_auth_context ac, - krb5_ccache ccache, - krb5_creds *cred, - const gss_name_t target_name, - krb5_data *fwd_data, - int *flags) -{ - krb5_creds creds; - krb5_kdc_flags fwd_flags; - krb5_keyblock *subkey; - krb5_error_code kret; - - memset (&creds, 0, sizeof(creds)); - krb5_data_zero (fwd_data); - - kret = krb5_generate_subkey (gssapi_krb5_context, &cred->session, &subkey); - if (kret) - goto out; - - kret = krb5_auth_con_setlocalsubkey(gssapi_krb5_context, ac, subkey); - krb5_free_keyblock (gssapi_krb5_context, subkey); - if (kret) - goto out; - - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); - if (kret) - goto out; - - kret = krb5_build_principal(gssapi_krb5_context, - &creds.server, - strlen(creds.client->realm), - creds.client->realm, - KRB5_TGS_NAME, - creds.client->realm, - NULL); - if (kret) - goto out; - - creds.times.endtime = 0; - - fwd_flags.i = 0; - fwd_flags.b.forwarded = 1; - fwd_flags.b.forwardable = 1; - - if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ - target_name->name.name_string.len < 2) - goto out; - - kret = krb5_get_forwarded_creds(gssapi_krb5_context, - ac, - ccache, - fwd_flags.i, - target_name->name.name_string.val[1], - &creds, - fwd_data); - - out: - if (kret) - *flags &= ~GSS_C_DELEG_FLAG; - else - *flags |= GSS_C_DELEG_FLAG; - - if (creds.client) - krb5_free_principal(gssapi_krb5_context, creds.client); - if (creds.server) - krb5_free_principal(gssapi_krb5_context, creds.server); -} - -/* - * first stage of init-sec-context - */ - -static OM_uint32 -init_auth -(OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret = GSS_S_FAILURE; - krb5_error_code kret; - krb5_flags ap_options; - krb5_creds this_cred, *cred; - krb5_data outbuf; - krb5_ccache ccache; - u_int32_t flags; - Authenticator *auth; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; - krb5_data fwd_data; - - output_token->length = 0; - output_token->value = NULL; - - krb5_data_zero(&outbuf); - krb5_data_zero(&fwd_data); - - *minor_status = 0; - - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = set_addresses ((*context_handle)->auth_context, - input_chan_bindings); - if (kret) { - *minor_status = kret; - ret = GSS_S_BAD_BINDINGS; - goto failure; - } - - { - int32_t tmp; - - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } - - if (actual_mech_type) - *actual_mech_type = GSS_KRB5_MECHANISM; - - if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - } else - ccache = initiator_cred_handle->ccache; - - kret = krb5_cc_get_principal (gssapi_krb5_context, - ccache, - &(*context_handle)->source); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - target_name, - &(*context_handle)->target); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - memset(&this_cred, 0, sizeof(this_cred)); - this_cred.client = (*context_handle)->source; - this_cred.server = (*context_handle)->target; - if (time_req) { - krb5_timestamp ts; - - krb5_timeofday (gssapi_krb5_context, &ts); - this_cred.times.endtime = ts + time_req; - } else - this_cred.times.endtime = 0; - this_cred.session.keytype = 0; - - kret = krb5_get_credentials (gssapi_krb5_context, - KRB5_TC_MATCH_KEYTYPE, - ccache, - &this_cred, - &cred); - - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - krb5_auth_con_setkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - - flags = 0; - ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) - do_delegation ((*context_handle)->auth_context, - ccache, cred, target_name, &fwd_data, &flags); - - if (req_flags & GSS_C_MUTUAL_FLAG) { - flags |= GSS_C_MUTUAL_FLAG; - ap_options |= AP_OPTS_MUTUAL_REQUIRED; - } - - if (req_flags & GSS_C_REPLAY_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_SEQUENCE_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_ANON_FLAG) - ; /* XXX */ - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; - flags |= GSS_C_SEQUENCE_FLAG; - flags |= GSS_C_TRANS_FLAG; - - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags = LOCAL; - - ret = gssapi_krb5_create_8003_checksum (minor_status, - input_chan_bindings, - flags, - &fwd_data, - &cksum); - krb5_data_free (&fwd_data); - if (ret) - goto failure; - -#if 1 - enctype = (*context_handle)->auth_context->keyblock->keytype; -#else - if ((*context_handle)->auth_context->enctype) - enctype = (*context_handle)->auth_context->enctype; - else { - kret = krb5_keytype_to_enctype(gssapi_krb5_context, - (*context_handle)->auth_context->keyblock->keytype, - &enctype); - if (kret) - return kret; - } -#endif - - kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - if(kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_build_authenticator (gssapi_krb5_context, - (*context_handle)->auth_context, - enctype, - cred, - &cksum, - &auth, - &authenticator, - KRB5_KU_AP_REQ_AUTH); - - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_build_ap_req (gssapi_krb5_context, - enctype, - cred, - ap_options, - authenticator, - &outbuf); - - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token, - "\x01\x00"); - if (ret) - goto failure; - - krb5_data_free (&outbuf); - - if (flags & GSS_C_MUTUAL_FLAG) { - return GSS_S_CONTINUE_NEEDED; - } else { - (*context_handle)->more_flags |= OPEN; - return GSS_S_COMPLETE; - } - - failure: - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - krb5_data_free (&outbuf); - *context_handle = GSS_C_NO_CONTEXT; - return ret; -} - -static OM_uint32 -repl_mutual - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_error_code kret; - krb5_data indata; - krb5_ap_rep_enc_part *repl; - - ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, - "\x02\x00"); - if (ret) - /* XXX - Handle AP_ERROR */ - return ret; - - kret = krb5_rd_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &indata, - &repl); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - krb5_free_ap_rep_enc_part (gssapi_krb5_context, - repl); - - output_token->length = 0; - - (*context_handle)->more_flags |= OPEN; - - return GSS_S_COMPLETE; -} - -/* - * gss_init_sec_context - */ - -OM_uint32 gss_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - gssapi_krb5_init (); - - if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) - return init_auth (minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - else - return repl_mutual(minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); -} diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c deleted file mode 100644 index 64632530b932..000000000000 --- a/crypto/heimdal/lib/gssapi/inquire_context.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: inquire_context.c,v 1.3 1999/12/02 17:05:04 joda Exp $"); - -OM_uint32 gss_inquire_context ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_name_t * src_name, - gss_name_t * targ_name, - OM_uint32 * lifetime_rec, - gss_OID * mech_type, - OM_uint32 * ctx_flags, - int * locally_initiated, - int * open - ) -{ - OM_uint32 ret; - - if (src_name) { - ret = gss_duplicate_name (minor_status, - context_handle->source, - src_name); - if (ret) - return ret; - } - - if (targ_name) { - ret = gss_duplicate_name (minor_status, - context_handle->target, - targ_name); - if (ret) - return ret; - } - - if (lifetime_rec) - *lifetime_rec = GSS_C_INDEFINITE; - - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; - - if (ctx_flags) - *ctx_flags = context_handle->flags; - - if (locally_initiated) - *locally_initiated = context_handle->more_flags & LOCAL; - - if (open) - *open = context_handle->more_flags & OPEN; - - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c deleted file mode 100644 index 62f3f5053a47..000000000000 --- a/crypto/heimdal/lib/gssapi/inquire_cred.c +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: inquire_cred.c,v 1.3 2002/08/20 12:02:45 nectar Exp $"); - -OM_uint32 gss_inquire_cred - (OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - gss_name_t * name, - OM_uint32 * lifetime, - gss_cred_usage_t * cred_usage, - gss_OID_set * mechanisms - ) -{ - OM_uint32 ret; - - if (cred_handle == GSS_C_NO_CREDENTIAL) { - return GSS_S_FAILURE; - } - - if (name != NULL) { - if (cred_handle->principal != NULL) { - ret = gss_duplicate_name(minor_status, cred_handle->principal, - name); - if (ret) - return ret; - } else if (cred_handle->usage == GSS_C_ACCEPT) { - *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL, - NULL, KRB5_NT_SRV_HST, name); - if (*minor_status) - return GSS_S_FAILURE; - } else { - *minor_status = krb5_get_default_principal(gssapi_krb5_context, - name); - if (*minor_status) - return GSS_S_FAILURE; - } - } - if (lifetime != NULL) { - *lifetime = cred_handle->lifetime; - } - if (cred_usage != NULL) { - *cred_usage = cred_handle->usage; - } - if (mechanisms != NULL) { - ret = gss_create_empty_oid_set(minor_status, mechanisms); - if (ret) { - return ret; - } - ret = gss_add_oid_set_member(minor_status, - &cred_handle->mechanisms->elements[0], - mechanisms); - if (ret) { - return ret; - } - } - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c deleted file mode 100644 index f399a1816fed..000000000000 --- a/crypto/heimdal/lib/gssapi/release_buffer.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_buffer.c,v 1.4 2000/04/12 09:47:23 assar Exp $"); - -OM_uint32 gss_release_buffer - (OM_uint32 * minor_status, - gss_buffer_t buffer - ) -{ - free (buffer->value); - buffer->value = NULL; - buffer->length = 0; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c deleted file mode 100644 index a414a987bb26..000000000000 --- a/crypto/heimdal/lib/gssapi/release_cred.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_cred.c,v 1.6 2002/08/20 12:02:45 nectar Exp $"); - -OM_uint32 gss_release_cred - (OM_uint32 * minor_status, - gss_cred_id_t * cred_handle - ) -{ - if (*cred_handle == GSS_C_NO_CREDENTIAL) { - return GSS_S_COMPLETE; - } - - gssapi_krb5_init (); - - if ((*cred_handle)->principal != NULL) - krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); - if ((*cred_handle)->keytab != NULL) - krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); - if ((*cred_handle)->ccache != NULL) - krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache); - gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); - free(*cred_handle); - *cred_handle = GSS_C_NO_CREDENTIAL; - return GSS_S_COMPLETE; -} - diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c deleted file mode 100644 index ce18a91177ae..000000000000 --- a/crypto/heimdal/lib/gssapi/release_name.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_name.c,v 1.5 2000/04/12 09:48:27 assar Exp $"); - -OM_uint32 gss_release_name - (OM_uint32 * minor_status, - gss_name_t * input_name - ) -{ - gssapi_krb5_init (); - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c deleted file mode 100644 index 42257889f41d..000000000000 --- a/crypto/heimdal/lib/gssapi/release_oid_set.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_oid_set.c,v 1.4 2000/04/19 13:06:13 assar Exp $"); - -OM_uint32 gss_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set - ) -{ - free ((*set)->elements); - free (*set); - *set = GSS_C_NO_OID_SET; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c deleted file mode 100644 index 47e9fa789fb9..000000000000 --- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: test_oid_set_member.c,v 1.4 1999/12/02 17:05:04 joda Exp $"); - -OM_uint32 gss_test_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present - ) -{ - size_t i; - - *present = 0; - for (i = 0; i < set->count; ++i) - if (member->length == set->elements[i].length - && memcmp (member->elements, - set->elements[i].elements, - member->length) == 0) { - *present = 1; - break; - } - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c deleted file mode 100644 index 5acb2e9571af..000000000000 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ /dev/null @@ -1,419 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $"); - -OM_uint32 -gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) -{ - krb5_keyblock *skey; - - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - return GSS_S_FAILURE; - *key = skey; - return 0; -} - -static OM_uint32 -unwrap_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p, *pad; - size_t len; - MD5_CTX md5; - u_char hash[16], seq_data[8]; - des_key_schedule schedule; - des_cblock deskey; - des_cblock zero; - int i; - int32_t seq_number; - size_t padlength; - OM_uint32 ret; - int cstate; - - p = input_message_buffer->value; - ret = gssapi_krb5_verify_header (&p, - input_message_buffer->length, - "\x02\x01"); - if (ret) { - *minor_status = 0; - return ret; - } - - if (memcmp (p, "\x00\x00", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\x00\x00", 2) == 0) { - cstate = 1; - } else if (memcmp (p, "\xFF\xFF", 2) == 0) { - cstate = 0; - } else - return GSS_S_BAD_MIC; - p += 2; - if(conf_state != NULL) - *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - p += 16; - - len = p - (u_char *)input_message_buffer->value; - - if(cstate) { - /* decrypt data */ - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - for (i = 0; i < sizeof(deskey); ++i) - deskey[i] ^= 0xf0; - des_set_key (&deskey, schedule); - memset (&zero, 0, sizeof(zero)); - des_cbc_encrypt ((void *)p, - (void *)p, - input_message_buffer->length - len, - schedule, - &zero, - DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - } - /* check pad */ - - pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1; - padlength = *pad; - - for (i = padlength; i > 0 && *pad == padlength; i--, pad--) - ; - if (i != 0) - return GSS_S_BAD_MIC; - - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, input_message_buffer->length - len); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) - return GSS_S_BAD_MIC; - - /* verify sequence number */ - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq_data[0] = (seq_number >> 0) & 0xFF; - seq_data[1] = (seq_number >> 8) & 0xFF; - seq_data[2] = (seq_number >> 16) & 0xFF; - seq_data[3] = (seq_number >> 24) & 0xFF; - memset (seq_data + 4, - (context_handle->more_flags & LOCAL) ? 0xFF : 0, - 4); - - p -= 16; - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)hash, DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - - if (memcmp (p, seq_data, 8) != 0) { - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* copy out data */ - - output_message_buffer->length = input_message_buffer->length - - len - padlength - 8; - output_message_buffer->value = malloc(output_message_buffer->length); - if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) - return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 24, - output_message_buffer->length); - return GSS_S_COMPLETE; -} - -static OM_uint32 -unwrap_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p, *pad; - size_t len; - u_char seq[8]; - krb5_data seq_data; - u_char cksum[20]; - int i; - int32_t seq_number; - size_t padlength; - OM_uint32 ret; - int cstate; - krb5_crypto crypto; - Checksum csum; - int cmp; - - p = input_message_buffer->value; - ret = gssapi_krb5_verify_header (&p, - input_message_buffer->length, - "\x02\x01"); - if (ret) { - *minor_status = 0; - return ret; - } - - if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\x02\x00", 2) == 0) { - cstate = 1; - } else if (memcmp (p, "\xff\xff", 2) == 0) { - cstate = 0; - } else - return GSS_S_BAD_MIC; - p += 2; - if(conf_state != NULL) - *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - p += 28; - - len = p - (u_char *)input_message_buffer->value; - - if(cstate) { - /* decrypt data */ - krb5_data tmp; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, - p, input_message_buffer->length - len, &tmp); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - assert (tmp.length == input_message_buffer->length - len); - - memcpy (p, tmp.data, tmp.length); - krb5_data_free(&tmp); - } - /* check pad */ - - pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1; - padlength = *pad; - - for (i = padlength; i > 0 && *pad == padlength; i--, pad--) - ; - if (i != 0) - return GSS_S_BAD_MIC; - - /* verify sequence number */ - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0xFF : 0, - 4); - - p -= 28; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - { - des_cblock ivec; - - memcpy(&ivec, p + 8, 8); - ret = krb5_decrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data, - &ivec); - } - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - if (seq_data.length != 8) { - krb5_data_free (&seq_data); - return GSS_S_BAD_MIC; - } - - cmp = memcmp (seq, seq_data.data, seq_data.length); - krb5_data_free (&seq_data); - if (cmp != 0) { - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* verify checksum */ - - memcpy (cksum, p + 8, 20); - - memcpy (p + 20, p - 8, 8); - - csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; - csum.checksum.length = 20; - csum.checksum.data = cksum; - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_verify_checksum (gssapi_krb5_context, crypto, - KRB5_KU_USAGE_SIGN, - p + 20, - input_message_buffer->length - len + 8, - &csum); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* copy out data */ - - output_message_buffer->length = input_message_buffer->length - - len - padlength - 8; - output_message_buffer->value = malloc(output_message_buffer->length); - if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) - return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 36, - output_message_buffer->length); - return GSS_S_COMPLETE; -} - -OM_uint32 gss_unwrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; - ret = gss_krb5_get_remotekey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = unwrap_des (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - case KEYTYPE_DES3 : - ret = unwrap_des3 (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/v1.c b/crypto/heimdal/lib/gssapi/v1.c deleted file mode 100644 index 34091ea71572..000000000000 --- a/crypto/heimdal/lib/gssapi/v1.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $"); - -/* These functions are for V1 compatibility */ - -OM_uint32 gss_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token - ) -{ - return gss_get_mic(minor_status, - context_handle, - (gss_qop_t)qop_req, - message_buffer, - message_token); -} - -OM_uint32 gss_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state - ) -{ - return gss_verify_mic(minor_status, - context_handle, - message_buffer, - token_buffer, - (gss_qop_t *)qop_state); -} - -OM_uint32 gss_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) -{ - return gss_wrap(minor_status, - context_handle, - conf_req_flag, - (gss_qop_t)qop_req, - input_message_buffer, - conf_state, - output_message_buffer); -} - -OM_uint32 gss_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state - ) -{ - return gss_unwrap(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - (gss_qop_t *)qop_state); -} diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c deleted file mode 100644 index 7915fa587de2..000000000000 --- a/crypto/heimdal/lib/gssapi/verify_mic.c +++ /dev/null @@ -1,279 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: verify_mic.c,v 1.16 2002/05/20 15:14:00 nectar Exp $"); - -static OM_uint32 -verify_mic_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16], seq_data[8]; - des_key_schedule schedule; - des_cblock zero; - des_cblock deskey; - int32_t seq_number; - OM_uint32 ret; - - p = token_buffer->value; - ret = gssapi_krb5_verify_header (&p, - token_buffer->length, - "\x01\x01"); - if (ret) { - *minor_status = 0; - return ret; - } - - if (memcmp(p, "\x00\x00", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - p += 16; - - /* verify checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, - message_buffer->length); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) { - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - return GSS_S_BAD_MIC; - } - - /* verify sequence number */ - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq_data[0] = (seq_number >> 0) & 0xFF; - seq_data[1] = (seq_number >> 8) & 0xFF; - seq_data[2] = (seq_number >> 16) & 0xFF; - seq_data[3] = (seq_number >> 24) & 0xFF; - memset (seq_data + 4, - (context_handle->more_flags & LOCAL) ? 0xFF : 0, - 4); - - p -= 16; - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)hash, DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - - if (memcmp (p, seq_data, 8) != 0) { - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - return GSS_S_COMPLETE; -} - -static OM_uint32 -verify_mic_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p; - u_char seq[8]; - int32_t seq_number; - OM_uint32 ret; - krb5_crypto crypto; - krb5_data seq_data; - int cmp; - Checksum csum; - char *tmp; - - p = token_buffer->value; - ret = gssapi_krb5_verify_header (&p, - token_buffer->length, - "\x01\x01"); - if (ret) { - *minor_status = 0; - return ret; - } - - if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret){ - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* verify sequence number */ - - ret = krb5_decrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data); - if (ret) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_FAILURE; - } - - if (seq_data.length != 8) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - krb5_data_free (&seq_data); - return GSS_S_BAD_MIC; - } - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0xFF : 0, - 4); - cmp = memcmp (seq, seq_data.data, seq_data.length); - krb5_data_free (&seq_data); - if (cmp != 0) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; - } - - /* verify checksum */ - - tmp = malloc (message_buffer->length + 8); - if (tmp == NULL) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - memcpy (tmp, p - 8, 8); - memcpy (tmp + 8, message_buffer->value, message_buffer->length); - - csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; - csum.checksum.length = 20; - csum.checksum.data = p + 8; - - ret = krb5_verify_checksum (gssapi_krb5_context, crypto, - KRB5_KU_USAGE_SIGN, - tmp, message_buffer->length + 8, - &csum); - free (tmp); - if (ret) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_verify_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; - ret = gss_krb5_get_remotekey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - switch (keytype) { - case KEYTYPE_DES : - ret = verify_mic_des (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key); - break; - case KEYTYPE_DES3 : - ret = verify_mic_des3 (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c deleted file mode 100644 index 1a9d7ea8c813..000000000000 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ /dev/null @@ -1,441 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $"); - -OM_uint32 -gss_krb5_get_localkey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) -{ - krb5_keyblock *skey; - - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - return GSS_S_FAILURE; - *key = skey; - return 0; -} - -static OM_uint32 -sub_wrap_size ( - OM_uint32 req_output_size, - OM_uint32 * max_input_size, - int blocksize, - int extrasize - ) -{ - size_t len, total_len, padlength; - padlength = blocksize - (req_output_size % blocksize); - len = req_output_size + 8 + padlength + extrasize; - gssapi_krb5_encap_length(len, &len, &total_len); - *max_input_size = (OM_uint32)total_len; - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_wrap_size_limit ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 * max_input_size - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_localkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); - break; - case KEYTYPE_DES3 : - ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} - -static OM_uint32 -wrap_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16]; - des_key_schedule schedule; - des_cblock deskey; - des_cblock zero; - int i; - int32_t seq_number; - size_t len, total_len, padlength, datalen; - - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - gssapi_krb5_encap_length (len, &len, &total_len); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) - return GSS_S_FAILURE; - - p = gssapi_krb5_make_header(output_message_buffer->value, - len, - "\x02\x01"); /* TOK_ID */ - - /* SGN_ALG */ - memcpy (p, "\x00\x00", 2); - p += 2; - /* SEAL_ALG */ - if(conf_req_flag) - memcpy (p, "\x00\x00", 2); - else - memcpy (p, "\xff\xff", 2); - p += 2; - /* Filler */ - memcpy (p, "\xff\xff", 2); - p += 2; - - /* fill in later */ - memset (p, 0, 16); - p += 16; - - /* confounder + data + pad */ - krb5_generate_random_block(p, 8); - memcpy (p + 8, input_message_buffer->value, - input_message_buffer->length); - memset (p + 8 + input_message_buffer->length, padlength, padlength); - - /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, datalen); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - memcpy (p - 8, hash, 8); - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - p -= 16; - p[0] = (seq_number >> 0) & 0xFF; - p[1] = (seq_number >> 8) & 0xFF; - p[2] = (seq_number >> 16) & 0xFF; - p[3] = (seq_number >> 24) & 0xFF; - memset (p + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* encrypt the data */ - p += 16; - - if(conf_req_flag) { - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - for (i = 0; i < sizeof(deskey); ++i) - deskey[i] ^= 0xf0; - des_set_key (&deskey, schedule); - memset (&zero, 0, sizeof(zero)); - des_cbc_encrypt ((void *)p, - (void *)p, - datalen, - schedule, - &zero, - DES_ENCRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - } - if(conf_state != NULL) - *conf_state = conf_req_flag; - return GSS_S_COMPLETE; -} - -static OM_uint32 -wrap_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key - ) -{ - u_char *p; - u_char seq[8]; - int32_t seq_number; - size_t len, total_len, padlength, datalen; - u_int32_t ret; - krb5_crypto crypto; - Checksum cksum; - krb5_data encdata; - - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - gssapi_krb5_encap_length (len, &len, &total_len); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) - return GSS_S_FAILURE; - - p = gssapi_krb5_make_header(output_message_buffer->value, - len, - "\x02\x01"); /* TOK_ID */ - - /* SGN_ALG */ - memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */ - p += 2; - /* SEAL_ALG */ - if(conf_req_flag) - memcpy (p, "\x02\x00", 2); /* DES3-KD */ - else - memcpy (p, "\xff\xff", 2); - p += 2; - /* Filler */ - memcpy (p, "\xff\xff", 2); - p += 2; - - /* calculate checksum (the above + confounder + data + pad) */ - - memcpy (p + 20, p - 8, 8); - krb5_generate_random_block(p + 28, 8); - memcpy (p + 28 + 8, input_message_buffer->value, - input_message_buffer->length); - memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength); - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_create_checksum (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SIGN, - 0, - p + 20, - datalen + 8, - &cksum); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* zero out SND_SEQ + SGN_CKSUM in case */ - memset (p, 0, 28); - - memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); - free_Checksum (&cksum); - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, - &crypto); - if (ret) { - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - des_cblock ivec; - - memcpy (&ivec, p + 8, 8); - ret = krb5_encrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata, - &ivec); - } - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - assert (encdata.length == 8); - - memcpy (p, encdata.data, encdata.length); - krb5_data_free (&encdata); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* encrypt the data */ - p += 28; - - if(conf_req_flag) { - krb5_data tmp; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, - p, datalen, &tmp); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - assert (tmp.length == datalen); - - memcpy (p, tmp.data, datalen); - krb5_data_free(&tmp); - } - if(conf_state != NULL) - *conf_state = conf_req_flag; - return GSS_S_COMPLETE; -} - -OM_uint32 gss_wrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_localkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = wrap_des (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - case KEYTYPE_DES3 : - ret = wrap_des3 (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} |