Diffstat (limited to 'appl/gssmask')
| -rw-r--r-- | appl/gssmask/Makefile.am | 5 | ||||
| -rw-r--r-- | appl/gssmask/Makefile.in | 229 | ||||
| -rw-r--r-- | appl/gssmask/NTMakefile | 35 | ||||
| -rw-r--r-- | appl/gssmask/common.c | 28 | ||||
| -rw-r--r-- | appl/gssmask/common.h | 30 | ||||
| -rw-r--r-- | appl/gssmask/gssmaestro.c | 212 | ||||
| -rw-r--r-- | appl/gssmask/gssmask.c | 279 | ||||
| -rw-r--r-- | appl/gssmask/protocol.h | 81 |
8 files changed, 663 insertions, 236 deletions
diff --git a/appl/gssmask/Makefile.am b/appl/gssmask/Makefile.am index 347a27ec9290..55673a03999c 100644 --- a/appl/gssmask/Makefile.am +++ b/appl/gssmask/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -8,5 +8,6 @@ gssmask_SOURCES = gssmask.c common.c common.h protocol.h gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h -LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) +LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) $(top_builddir)/lib/krb5/libkrb5.la +EXTRA_DIST = NTMakefile diff --git a/appl/gssmask/Makefile.in b/appl/gssmask/Makefile.in index a51092274cfe..e01b83ede203 100644 --- a/appl/gssmask/Makefile.in +++ b/appl/gssmask/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c 
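Review bot: In the second Makefile.am hunk the new `$(top_builddir)/lib/krb5/libkrb5.la` is appended after `$(LIB_roken)` in `LDADD`, which puts a library that presumably uses roken after roken on the link line. With libtool archives this is normally resolved through each archive's dependency list, but a static link resolves symbols left to right, so the safer order is `LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(top_builddir)/lib/krb5/libkrb5.la $(LIB_roken)`. A one-line comment saying why gssmask now links libkrb5 directly (the new `gssapi_krb5.h` include in common.h suggests direct krb5 calls) would also help the next reader.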
@@ -45,7 +47,7 @@ noinst_PROGRAMS = gssmask$(EXEEXT) gssmaestro$(EXEEXT) subdir = appl/gssmask ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ 
@@ -84,27 +89,28 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_gssmaestro_OBJECTS = gssmaestro.$(OBJEXT) common.$(OBJEXT) gssmaestro_OBJECTS = $(am_gssmaestro_OBJECTS) gssmaestro_LDADD = $(LDADD) am__DEPENDENCIES_1 = gssmaestro_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la am_gssmask_OBJECTS = gssmask.$(OBJEXT) common.$(OBJEXT) gssmask_OBJECTS = $(am_gssmask_OBJECTS) gssmask_LDADD = $(LDADD) gssmask_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ 
@@ -123,49 +129,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ 
@@ -189,10 +204,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -209,6 +225,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -224,31 +242,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ 
@@ -263,10 +295,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ 
@@ -307,49 +341,55 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la gssmask_SOURCES = gssmask.c common.c common.h protocol.h gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h -LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) +LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) $(top_builddir)/lib/krb5/libkrb5.la +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common 
$(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/gssmask/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/gssmask/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/gssmask/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/gssmask/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -367,13 +407,16 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list gssmaestro$(EXEEXT): $(gssmaestro_OBJECTS) $(gssmaestro_DEPENDENCIES) @rm -f gssmaestro$(EXEEXT) $(LINK) $(gssmaestro_OBJECTS) $(gssmaestro_LDADD) $(LIBS) 
@@ -387,14 +430,30 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssmaestro.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssmask.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo 
@@ -407,45 +466,49 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) 
$$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -466,13 +529,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -504,6 +571,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -514,6 +582,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -524,6 +593,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: 
@@ -531,26 +602,35 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -570,9 +650,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \ @@ -657,6 +736,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -742,7 +824,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -755,6 +837,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: 
diff --git a/appl/gssmask/NTMakefile b/appl/gssmask/NTMakefile new file mode 100644 index 000000000000..4ad1dc4f753c --- /dev/null +++ b/appl/gssmask/NTMakefile @@ -0,0 +1,35 @@ +######################################################################## +# +# Copyright (c) 2009, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR=appl\gssmask + +!include ../../windows/NTMakefile.w32 + diff --git a/appl/gssmask/common.c b/appl/gssmask/common.c index a57b803abafb..8d7d8fa2252b 100644 --- a/appl/gssmask/common.c +++ b/appl/gssmask/common.c 
@@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ #include <common.h> -RCSID("$Id: common.c 18900 2006-11-03 05:21:01Z lha $"); +RCSID("$Id$"); krb5_error_code store_string(krb5_storage *sp, const char *str) @@ -62,8 +62,8 @@ add_list(char ****list, size_t *listlen, char **str, size_t len) } static void -permute(char ****list, size_t *listlen, - char **str, const int start, const int len) +permute(char ****list, size_t *listlen, + char **str, const int start, const int len) { int i, j; 
diff --git a/appl/gssmask/common.h b/appl/gssmask/common.h index a44339e4596c..cd9b0817f55d 100644 --- a/appl/gssmask/common.h +++ b/appl/gssmask/common.h @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -31,13 +31,13 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: common.h 18250 2006-10-06 07:22:00Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include <config.h> #endif -/* +/* * pthread support is disable because the pthread * test have no "application pthread libflags" variable, * when this is fixed pthread support can be enabled again. 
@@ -55,7 +55,9 @@ #include <assert.h> #include <krb5.h> -#include <gssapi.h> +#include <gssapi/gssapi.h> +#include <gssapi/gssapi_krb5.h> +#include <gssapi/gssapi_spnego.h> #include <unistd.h> #include <roken.h> diff --git a/appl/gssmask/gssmaestro.c b/appl/gssmask/gssmaestro.c index 610c53f5f59b..c972cada2621 100644 --- a/appl/gssmask/gssmaestro.c +++ b/appl/gssmask/gssmaestro.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ #include <common.h> -RCSID("$Id: gssmaestro.c 21605 2007-07-17 06:51:57Z lha $"); +RCSID("$Id$"); static FILE *logfile; 
@@ -61,9 +61,9 @@ static struct client **clients; static int num_clients; static int -init_sec_context(struct client *client, +init_sec_context(struct client *client, int32_t *hContext, int32_t *hCred, - int32_t flags, + int32_t flags, const char *targetname, const krb5_data *itoken, krb5_data *otoken) { @@ -82,7 +82,7 @@ init_sec_context(struct client *client, } static int -accept_sec_context(struct client *client, +accept_sec_context(struct client *client, int32_t *hContext, int32_t flags, const krb5_data *itoken, @@ -103,7 +103,7 @@ accept_sec_context(struct client *client, } static int -acquire_cred(struct client *client, +acquire_cred(struct client *client, const char *username, const char *password, int32_t flags, @@ -120,7 +120,7 @@ acquire_cred(struct client *client, } static int -toast_resource(struct client *client, +toast_resource(struct client *client, int32_t hCred) { int32_t val; @@ -138,7 +138,7 @@ goodbye(struct client *client) } static int -get_targetname(struct client *client, +get_targetname(struct client *client, char **target) { put32(client, eGetTargetName); @@ -162,7 +162,7 @@ encrypt_token(struct client *client, int32_t hContext, int32_t flags, } static int32_t -decrypt_token(struct client *client, int32_t hContext, int flags, +decrypt_token(struct client *client, int32_t hContext, int flags, krb5_data *in, krb5_data *out) { int32_t val; 
@@ -177,6 +177,42 @@ decrypt_token(struct client *client, int32_t hContext, int flags, } static int32_t +wrap_token_ext(struct client *client, int32_t hContext, int32_t flags, + int32_t bflags, krb5_data *header, krb5_data *in, krb5_data *trailer, + krb5_data *out) +{ + int32_t val; + put32(client, eWrapExt); + put32(client, hContext); + put32(client, flags); + put32(client, bflags); + putdata(client, *header); + putdata(client, *in); + putdata(client, *trailer); + ret32(client, val); + retdata(client, *out); + return val; +} + +static int32_t +unwrap_token_ext(struct client *client, int32_t hContext, int32_t flags, + int32_t bflags, krb5_data *header, krb5_data *in, krb5_data *trailer, + krb5_data *out) +{ + int32_t val; + put32(client, eUnwrapExt); + put32(client, hContext); + put32(client, flags); + put32(client, bflags); + putdata(client, *header); + putdata(client, *in); + putdata(client, *trailer); + ret32(client, val); + retdata(client, *out); + return val; +} + +static int32_t get_mic(struct client *client, int32_t hContext, krb5_data *in, krb5_data *mic) { @@ -192,7 +228,7 @@ get_mic(struct client *client, int32_t hContext, } static int32_t -verify_mic(struct client *client, int32_t hContext, +verify_mic(struct client *client, int32_t hContext, krb5_data *in, krb5_data *mic) { int32_t val; @@ -208,7 +244,7 @@ verify_mic(struct client *client, int32_t hContext, static int32_t -get_version_capa(struct client *client, +get_version_capa(struct client *client, int32_t *version, int32_t *capa, char **version_str) { @@ -220,7 +256,7 @@ get_version_capa(struct client *client, } static int32_t -get_moniker(struct client *client, +get_moniker(struct client *client, char **moniker) { put32(client, eGetMoniker); @@ -291,7 +327,7 @@ build_context(struct client *ipeer, struct client *apeer, krb5_data_zero(&itoken); while (!iDone || !aDone) { - + if (iDone) { warnx("iPeer already done, aPeer want extra rtt"); val = GSMERR_ERROR; 
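Review bot: The new wrap_token_ext and unwrap_token_ext differ only in the opcode (`eWrapExt` versus `eUnwrapExt`), so the wire order of the six request fields is now written out twice and can drift apart. A shared static helper taking the opcode keeps that order in one place, with a comment stating it for whoever maintains the server-side handler. Both functions also call `retdata(client, *out)` even when `val` is non-zero; the put/ret macros are defined outside this hunk, so whether `out` can hold an allocation on failure is not visible here, but test_wrap_ext returns on a failed wrap without calling `krb5_data_free(&wrapped)`, which would leak in that case.

```c
/* Request: op, hContext, flags, bflags, header, in, trailer.
 * Reply:   status (int32), then the output token. */
static int32_t
token_ext_op(struct client *client, int32_t op, int32_t hContext,
	     int32_t flags, int32_t bflags, krb5_data *header,
	     krb5_data *in, krb5_data *trailer, krb5_data *out)
{
    int32_t val;
    put32(client, op);
    put32(client, hContext);
    put32(client, flags);
    put32(client, bflags);
    putdata(client, *header);
    putdata(client, *in);
    putdata(client, *trailer);
    ret32(client, val);
    retdata(client, *out);
    return val;
}

/* wrap_token_ext / unwrap_token_ext become one-line calls: */
/*   return token_ext_op(client, eWrapExt, hContext, flags, bflags, header, in, trailer, out); */
```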
@@ -310,7 +346,7 @@ build_context(struct client *ipeer, struct client *apeer, case GSMERR_CONTINUE_NEEDED: break; default: - warnx("iPeer %s failed with %d (step %d)", + warnx("iPeer %s failed with %d (step %d)", ipeer->name, (int)val, step); goto out; } @@ -369,13 +405,13 @@ build_context(struct client *ipeer, struct client *apeer, out: return val; } - + static void test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2) { krb5_data msg, mic; int32_t val; - + msg.data = "foo"; msg.length = 3; @@ -392,12 +428,12 @@ test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2) } static int32_t -test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, +test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int conf) { krb5_data msg, wrapped, out; int32_t val; - + msg.data = "foo"; msg.length = 3; 
@@ -431,22 +467,95 @@ test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, } static int32_t -test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2) +test_wrap_ext(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, + int conf, int bflags) +{ + krb5_data header, msg, trailer, wrapped, out; + int32_t val; + + header.data = "header"; + header.length = 6; + + msg.data = "0123456789abcdef"; /* padded for most enctypes */ + msg.length = 32; + + trailer.data = "trailer"; + trailer.length = 7; + + krb5_data_zero(&wrapped); + krb5_data_zero(&out); + + val = wrap_token_ext(c1, hc1, conf, bflags, &header, &msg, &trailer, &wrapped); + if (val) { + warnx("encrypt_token failed to host: %s", c1->moniker); + return val; + } + val = unwrap_token_ext(c2, hc2, conf, bflags, &header, &wrapped, &trailer, &out); + if (val) { + krb5_data_free(&wrapped); + warnx("decrypt_token failed to host: %s", c2->moniker); + return val; + } + + if (msg.length != out.length) { + warnx("decrypted'ed token have wrong length (%lu != %lu)", + (unsigned long)msg.length, (unsigned long)out.length); + val = GSMERR_ERROR; + } else if (memcmp(msg.data, out.data, msg.length) != 0) { + warnx("decryptd'ed token have wrong data"); + val = GSMERR_ERROR; + } + + krb5_data_free(&wrapped); + krb5_data_free(&out); + return val; +} + + +static int32_t +test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int wrap_ext) { int32_t val; int i; for (i = 0; i < 10; i++) { + /* mic */ test_mic(c1, hc1, c2, hc2); test_mic(c2, hc2, c1, hc1); + + /* wrap */ val = test_wrap(c1, hc1, c2, hc2, 0); if (val) return val; val = test_wrap(c2, hc2, c1, hc1, 0); if (val) return val; + val = test_wrap(c1, hc1, c2, hc2, 1); if (val) return val; val = test_wrap(c2, hc2, c1, hc1, 1); if (val) return val; + + if (wrap_ext) { + /* wrap ext */ + val = test_wrap_ext(c1, hc1, c2, hc2, 1, 0); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 1, 0); + if (val) 
return val; + + val = test_wrap_ext(c1, hc1, c2, hc2, 1, 1); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 1, 1); + if (val) return val; + + val = test_wrap_ext(c1, hc1, c2, hc2, 0, 0); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 0, 0); + if (val) return val; + + val = test_wrap_ext(c1, hc1, c2, hc2, 0, 1); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 0, 1); + if (val) return val; + } } return GSMERR_OK; } @@ -476,9 +585,9 @@ log_function(void *ptr) goto out; if (krb5_ret_string(c->logsock, &string)) goto out; - printf("%s:%lu: %s\n", + printf("%s:%lu: %s\n", file, (unsigned long)line, string); - fprintf(logfile, "%s:%lu: %s\n", + fprintf(logfile, "%s:%lu: %s\n", file, (unsigned long)line, string); fflush(logfile); free(file); @@ -510,7 +619,7 @@ connect_client(const char *slave) *port++ = 0; c->name = estrdup(slave); - + memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; @@ -584,7 +693,7 @@ connect_client(const char *slave) clients = erealloc(clients, (num_clients + 1) * sizeof(*clients)); - + clients[num_clients] = c; num_clients++; @@ -607,6 +716,7 @@ get_client(const char *slave) static int version_flag; static int help_flag; +static int wrap_ext = 0; static char *logfile_str; static getarg_strings principals; static getarg_strings slaves; @@ -618,6 +728,8 @@ struct getargs args[] = { NULL }, { "log-file", 0, arg_string, &logfile_str, "Logfile", NULL }, + { "wrap-ext", 0, arg_flag, &wrap_ext, "test wrap extended", + NULL }, { "version", 0, arg_flag, &version_flag, "Print version", NULL }, { "help", 0, arg_flag, &help_flag, NULL, @@ -668,7 +780,7 @@ main(int argc, char **argv) if (password == NULL) errx(1, "password missing from %s", user); *password++ = 0; - + if (slaves.num_strings == 0) errx(1, "no principals"); 
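Review bot: In test_wrap_ext, `msg.length = 32` is larger than the 17-byte literal `"0123456789abcdef"` that `msg.data` points to. Both `putdata` inside wrap_token_ext and the later `memcmp(msg.data, out.data, msg.length)` therefore read past the end of the string. Either set `msg.length = 16;` or make the literal 32 characters long, whichever the "padded for most enctypes" comment intended. The two `warnx` calls still report `encrypt_token failed` / `decrypt_token failed`; naming the ext variants there would make a failure in the new path distinguishable from one in test_wrap.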
@@ -703,7 +815,7 @@ main(int argc, char **argv) val = acquire_cred(clients[i], user, password, 1, &hCred); if (val != GSMERR_OK) { - warnx("Failed to acquire_cred on host %s: %d", + warnx("Failed to acquire_cred on host %s: %d", clients[i]->moniker, (int)val); failed = 1; } else @@ -713,7 +825,7 @@ main(int argc, char **argv) if (failed) goto out; - /* + /* * First test if all slaves can build context to them-self. */ @@ -722,7 +834,7 @@ main(int argc, char **argv) int32_t hCred, val, delegCred; int32_t clientC, serverC; struct client *c = clients[i]; - + if (c->target_name == NULL) continue; @@ -732,14 +844,14 @@ main(int argc, char **argv) val = acquire_cred(c, user, password, 1, &hCred); if (val != GSMERR_OK) errx(1, "failed to acquire_cred: %d", (int)val); - - val = build_context(c, c, + + val = build_context(c, c, GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG| GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG| GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG, hCred, &clientC, &serverC, &delegCred); if (val == GSMERR_OK) { - test_token(c, clientC, c, serverC); + test_token(c, clientC, c, serverC, wrap_ext); toast_resource(c, clientC); toast_resource(c, serverC); if (delegCred) @@ -755,7 +867,7 @@ main(int argc, char **argv) GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG, hCred, &clientC, &serverC, &delegCred); if (val == GSMERR_OK) { - test_token(c, clientC, c, serverC); + test_token(c, clientC, c, serverC, wrap_ext); toast_resource(c, clientC); toast_resource(c, serverC); if (delegCred) @@ -781,18 +893,18 @@ main(int argc, char **argv) int32_t hCred, val, delegCred = 0; int32_t clientC = 0, serverC = 0; struct client *client, *server; - + p = list[i]; - + client = get_client(p[0]); - + val = acquire_cred(client, user, password, 1, &hCred); if (val != GSMERR_OK) errx(1, "failed to acquire_cred: %d", (int)val); for (j = 1; j < num_clients + 1; j++) { server = get_client(p[j % num_clients]); - + if (server->target_name == NULL) break; 
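Review bot: Both self-test calls `test_token(c, clientC, c, serverC, wrap_ext);` (in the `@@ -732` hunk and again in the `@@ -755` hunk) discard the return value, so a failed extended-wrap round trip in the per-slave loop shows up only as a warnx line. The pairwise loop further down does `val = test_token(...)` and breaks on error. Capturing the result here as well, e.g. `val = test_token(c, clientC, c, serverC, wrap_ext);` followed by `if (val) failed = 1;`, would let the new `--wrap-ext` checks affect the outcome. main's body extends beyond these hunks, so how `failed` is consumed afterwards should be confirmed.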
@@ -809,11 +921,11 @@ main(int argc, char **argv) warnx("build_context failed: %d", (int)val); break; } - - val = test_token(client, clientC, server, serverC); + + val = test_token(client, clientC, server, serverC, wrap_ext); if (val) break; - + toast_resource(client, clientC); toast_resource(server, serverC); if (!delegCred) { @@ -827,11 +939,11 @@ main(int argc, char **argv) if (hCred) toast_resource(client, hCred); } - + /* * Close all connections to clients */ - + out: printf("sending goodbye and waiting for log sockets\n"); for (i = 0; i < num_clients; i++) { diff --git a/appl/gssmask/gssmask.c b/appl/gssmask/gssmask.c index 46b532b61f5a..916837b42de1 100644 --- a/appl/gssmask/gssmask.c +++ b/appl/gssmask/gssmask.c 
@@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ #include "common.h" -RCSID("$Id: gssmask.c 21229 2007-06-20 10:19:19Z lha $"); +RCSID("$Id$"); /* * @@ -151,7 +151,7 @@ find_handle(struct handle *h, int32_t idx, enum handle_type type) { if (idx == 0) return NULL; - + while (h) { if (h->idx == idx) { if (type == h->type) @@ -160,7 +160,7 @@ find_handle(struct handle *h, int32_t idx, enum handle_type type) } h = h->next; } - return NULL; + return NULL; } 
@@ -229,7 +229,7 @@ acquire_cred(struct client *c, "krb5_get_init_creds failed: %d", ret); return convert_krb5_to_gsm(ret); } - + ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); @@ -237,7 +237,7 @@ acquire_cred(struct client *c, ret = krb5_cc_initialize (context, id, cred.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); - + ret = krb5_cc_store_cred (context, id, &cred); if (ret) krb5_err (context, 1, ret, "krb5_cc_store_cred"); @@ -284,14 +284,14 @@ static int HandleOP(GoodBye) { struct handle *h = c->handles; - int i = 0; + unsigned int i = 0; while (h) { h = h->next; i++; } - if (i != 0) + if (i) logmessage(c, __FILE__, __LINE__, 0, "Did not toast all resources: %d", i); return 1; @@ -358,7 +358,7 @@ HandleOP(InitContext) if (ctx) krb5_errx(context, 1, "initcreds, context not NULL, but first req"); } - + if ((flags & GSS_C_DELEG_FLAG) != 0) logmessage(c, __FILE__, __LINE__, 0, "init_sec_context delegating"); if ((flags & GSS_C_DCE_STYLE) != 0) @@ -370,7 +370,7 @@ HandleOP(InitContext) gss_target_name, oid, flags & 0x7f, - 0, + 0, NULL, input_token_ptr, NULL, @@ -382,7 +382,7 @@ HandleOP(InitContext) del_handle(&c->handles, hContext); new_context_id = 0; logmessage(c, __FILE__, __LINE__, 0, - "gss_init_sec_context returns code: %d/%d", + "gss_init_sec_context returns code: %d/%d", maj_stat, min_stat); } else { if (input_token.length == 0) @@ -461,7 +461,7 @@ HandleOP(AcceptContext) if (hContext != 0) del_handle(&c->handles, hContext); logmessage(c, __FILE__, __LINE__, 0, - "gss_accept_sec_context returns code: %d/%d", + "gss_accept_sec_context returns code: %d/%d", maj_stat, min_stat); new_context_id = 0; } else { @@ -484,8 +484,8 @@ HandleOP(AcceptContext) gss_release_cred(&min_stat, &deleg_cred); deleg_hcred = 0; } - - + + gsm_error = convert_gss_to_gsm(maj_stat); put32(c, new_context_id); 
@@ -534,11 +534,11 @@ HandleOP(AcquireCreds) gsm_error = convert_krb5_to_gsm(ret); goto out; } - + ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - + krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL); gsm_error = acquire_cred(c, principal, opt, &handle); @@ -580,22 +580,22 @@ HandleOP(Sign) input_token.length = token.length; input_token.value = token.data; - + maj_stat = gss_get_mic(&min_stat, ctx, 0, &input_token, &output_token); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_get_mic failed"); - + krb5_data_free(&token); - + token.data = output_token.value; token.length = output_token.length; - + put32(c, 0); /* XXX fix gsm_error */ putdata(c, token); - + gss_release_buffer(&min_stat, &output_token); - + return 0; } @@ -621,7 +621,7 @@ HandleOP(Verify) msg_token.length = msg.length; msg_token.value = msg.data; - + retdata(c, mic); mic_token.length = mic.length; @@ -631,12 +631,12 @@ HandleOP(Verify) &mic_token, &qop); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_verify_mic failed"); - + krb5_data_free(&mic); krb5_data_free(&msg); - + put32(c, 0); /* XXX fix gsm_error */ - + return 0; } @@ -653,7 +653,7 @@ HandleOP(GetVersionAndCapabilities) { struct utsname ut; if (uname(&ut) == 0) { - snprintf(name, sizeof(name), "%s-%s-%s", + snprintf(name, sizeof(name), "%s-%s-%s", ut.sysname, ut.version, ut.machine); } } @@ -663,7 +663,7 @@ HandleOP(GetVersionAndCapabilities) put32(c, GSSMAGGOTPROTOCOL); put32(c, cap); - putstring(c, str); + putstring(c, str); free(str); return 0; @@ -711,12 +711,12 @@ HandleOP(SetLoggingSocket) krb5_store_int32(c->logging, eLogSetMoniker); store_string(c->logging, c->moniker); - + logmessage(c, __FILE__, __LINE__, 0, "logging turned on"); return 0; } - + static int HandleOP(ChangePassword) 
@@ -751,22 +751,22 @@ HandleOP(Wrap) input_token.length = token.length; input_token.value = token.data; - + maj_stat = gss_wrap(&min_stat, ctx, flags, 0, &input_token, &conf_state, &output_token); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_wrap failed"); - + krb5_data_free(&token); - + token.data = output_token.value; token.length = output_token.length; - + put32(c, 0); /* XXX fix gsm_error */ putdata(c, token); - + gss_release_buffer(&min_stat, &output_token); - + return 0; } @@ -793,13 +793,13 @@ HandleOP(Unwrap) input_token.length = token.length; input_token.value = token.data; - + maj_stat = gss_unwrap(&min_stat, ctx, &input_token, &output_token, &conf_state, &qop_state); - + if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat); - + krb5_data_free(&token); if (maj_stat == GSS_S_COMPLETE) { token.data = output_token.value; 
@@ -853,19 +853,180 @@ HandleOP(AcquirePKInitCreds) { int32_t flags; krb5_data pfxdata; + char fn[] = "FILE:/tmp/pkcs12-creds-XXXXXXX"; + krb5_principal principal = NULL; + int fd; ret32(c, flags); retdata(c, pfxdata); - /* get credentials */ + fd = mkstemp(fn + 5); + if (fd < 0) + errx(1, "mkstemp"); + net_write(fd, pfxdata.data, pfxdata.length); krb5_data_free(&pfxdata); + close(fd); + + if (principal) + krb5_free_principal(context, principal); put32(c, -1); /* hResource */ put32(c, GSMERR_NOT_SUPPORTED); return 0; } +static int +HandleOP(WrapExt) +{ + OM_uint32 maj_stat, min_stat; + int32_t hContext, flags, bflags; + krb5_data token, header, trailer; + gss_ctx_id_t ctx; + unsigned char *p; + int conf_state, iov_len; + gss_iov_buffer_desc iov[6]; + + ret32(c, hContext); + ret32(c, flags); + ret32(c, bflags); + retdata(c, header); + retdata(c, token); + retdata(c, trailer); + + ctx = find_handle(c->handles, hContext, handle_context); + if (ctx == NULL) + errx(1, "wrap: reference to unknown context"); + + memset(&iov, 0, sizeof(iov)); + + iov_len = sizeof(iov)/sizeof(iov[0]); + + if (bflags & WRAP_EXP_ONLY_HEADER) + iov_len -= 2; /* skip trailer and padding, aka dce-style */ + + iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + if (header.length != 0) { + iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[1].buffer.length = header.length; + iov[1].buffer.value = header.data; + } else { + iov[1].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + iov[2].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[2].buffer.length = token.length; + iov[2].buffer.value = token.data; + if (trailer.length != 0) { + iov[3].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[3].buffer.length = trailer.length; + iov[3].buffer.value = trailer.data; + } else { + iov[3].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + iov[4].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + iov[5].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + + maj_stat = 
gss_wrap_iov_length(&min_stat, ctx, flags, 0, &conf_state, + iov, iov_len); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_wrap_iov_length failed"); + + maj_stat = gss_wrap_iov(&min_stat, ctx, flags, 0, &conf_state, + iov, iov_len); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_wrap_iov failed"); + + krb5_data_free(&token); + + token.length = iov[0].buffer.length + iov[2].buffer.length + iov[4].buffer.length + iov[5].buffer.length; + token.data = malloc(token.length); + + p = token.data; + memcpy(p, iov[0].buffer.value, iov[0].buffer.length); + p += iov[0].buffer.length; + memcpy(p, iov[2].buffer.value, iov[2].buffer.length); + p += iov[2].buffer.length; + memcpy(p, iov[4].buffer.value, iov[4].buffer.length); + p += iov[4].buffer.length; + memcpy(p, iov[5].buffer.value, iov[5].buffer.length); + p += iov[5].buffer.length; + + gss_release_iov_buffer(NULL, iov, iov_len); + + put32(c, 0); /* XXX fix gsm_error */ + putdata(c, token); + + free(token.data); + + return 0; +} + + +static int +HandleOP(UnwrapExt) +{ + OM_uint32 maj_stat, min_stat; + int32_t hContext, flags, bflags; + krb5_data token, header, trailer; + gss_ctx_id_t ctx; + gss_iov_buffer_desc iov[3]; + int conf_state, iov_len; + gss_qop_t qop_state; + + ret32(c, hContext); + ret32(c, flags); + ret32(c, bflags); + retdata(c, header); + retdata(c, token); + retdata(c, trailer); + + iov_len = sizeof(iov)/sizeof(iov[0]); + + if (bflags & WRAP_EXP_ONLY_HEADER) + iov_len -= 1; /* skip trailer and padding, aka dce-style */ + + ctx = find_handle(c->handles, hContext, handle_context); + if (ctx == NULL) + errx(1, "unwrap: reference to unknown context"); + + if (header.length != 0) { + iov[0].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[0].buffer.length = header.length; + iov[0].buffer.value = header.data; + } else { + iov[0].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[1].buffer.length = token.length; + iov[1].buffer.value = token.data; + + if (trailer.length != 0) { + 
iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[2].buffer.length = trailer.length; + iov[2].buffer.value = trailer.data; + } else { + iov[2].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + + maj_stat = gss_unwrap_iov(&min_stat, ctx, &conf_state, &qop_state, + iov, iov_len); + + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat); + + if (maj_stat == GSS_S_COMPLETE) { + token.data = iov[1].buffer.value; + token.length = iov[1].buffer.length; + } else { + token.data = NULL; + token.length = 0; + } + put32(c, 0); /* XXX fix gsm_error */ + putdata(c, token); + + return 0; +} + /* * */ @@ -899,7 +1060,9 @@ struct handler handlers[] = { S(ConnectLoggingService2), S(GetMoniker), S(CallExtension), - S(AcquirePKInitCreds) + S(AcquirePKInitCreds), + S(WrapExt), + S(UnwrapExt), }; #undef S @@ -937,16 +1100,16 @@ create_client(int fd, int port, const char *moniker) { c->salen = sizeof(c->sa); getpeername(fd, (struct sockaddr *)&c->sa, &c->salen); - - getnameinfo((struct sockaddr *)&c->sa, c->salen, - c->servername, sizeof(c->servername), + + getnameinfo((struct sockaddr *)&c->sa, c->salen, + c->servername, sizeof(c->servername), NULL, 0, NI_NUMERICHOST); } c->sock = krb5_storage_from_fd(fd); if (c->sock == NULL) errx(1, "krb5_storage_from_fd"); - + close(fd); return c; @@ -987,7 +1150,7 @@ handleServer(void *ptr) } logmessage(c, __FILE__, __LINE__, 0, - "---> Got op %s from server %s", + "---> Got op %s from server %s", handler->name, c->servername); if ((handler->func)(handler->op, c)) @@ -1072,11 +1235,11 @@ main(int argc, char **argv) err(1, "error opening %s", lf); } - mini_inetd(htons(port)); + mini_inetd(htons(port), NULL); fprintf(logfile, "connected\n"); { - struct client *c; + struct client *c; c = create_client(0, port, moniker_str); /* close(0); */ diff --git a/appl/gssmask/protocol.h b/appl/gssmask/protocol.h index 3683fa6edb1d..1e1f14102624 100644 --- a/appl/gssmask/protocol.h +++ b/appl/gssmask/protocol.h 
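Review bot: In HandleOP(WrapExt), `krb5_data_free(&token)` runs before the `memcpy` from `iov[2].buffer.value`, which was set to `token.data` and carries no ALLOCATE flag, so unless gss_wrap_iov replaces that pointer the copy reads freed memory; the result of `malloc(token.length)` is also used unchecked. Building the reply in a separate `krb5_data out` and releasing `token` only after the copy avoids both, as sketched below. In the same hunk, HandleOP(AcquirePKInitCreds) writes the received PKCS#12 blob to a `/tmp` file that is never unlinked and ignores the `net_write` result, so key material stays on disk; an `unlink(fn + 5);` after `close(fd)` would remove it. HandleOP(UnwrapExt) does not `memset` its `iov` array as WrapExt does, which leaves the `buffer` fields of the EMPTY entries uninitialised.

```c
    krb5_data token, header, trailer, out;
    /* … unchanged: argument decoding, iov setup, gss_wrap_iov_length / gss_wrap_iov calls … */

    out.length = iov[0].buffer.length + iov[2].buffer.length + iov[4].buffer.length + iov[5].buffer.length;
    out.data = malloc(out.length);
    if (out.data == NULL)
        errx(1, "malloc");

    p = out.data;
    /* … unchanged: the four memcpy / p += steps … */

    gss_release_iov_buffer(NULL, iov, iov_len);
    krb5_data_free(&token); /* iov[2] pointed at token.data until the copy was done */

    put32(c, 0); /* XXX fix gsm_error */
    putdata(c, out);

    free(out.data);
```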
@@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ /* - * $Id: protocol.h 18352 2006-10-08 13:53:28Z lha $ + * $Id$ */ /* missing from tests: @@ -63,9 +63,9 @@ enum gssMaggotErrorCodes { * int32: message OP (enum gssMaggotProtocol) * ... * - * return: -- on error + * return: -- on error * int32: not support (GSMERR_NOT_SUPPORTED) - * + * * return: -- on existing message OP * int32: support (GSMERR_OK) -- only sent for extensions * ... 
@@ -75,28 +75,28 @@ enum gssMaggotErrorCodes { enum gssMaggotOp { eGetVersionInfo = 0, - /* + /* * input: * none * return: - * int32: last version handled + * int32: last version handled */ eGoodBye, - /* + /* * input: * none * return: * close socket */ eInitContext, - /* + /* * input: * int32: hContext * int32: hCred * int32: Flags * the lowest 0x7f flags maps directly to GSS-API flags - * DELEGATE 0x001 - * MUTUAL_AUTH 0x002 + * DELEGATE 0x001 + * MUTUAL_AUTH 0x002 * REPLAY_DETECT 0x004 * SEQUENCE_DETECT 0x008 * CONFIDENTIALITY 0x010 @@ -115,7 +115,7 @@ enum gssMaggotOp { * length-encoded: output token */ eAcceptContext, - /* + /* * input: * int32: hContext * int32: Flags -- unused ? @@ -153,7 +153,7 @@ enum gssMaggotOp { /* * input: * int32: hContext - * int32: flags -- unused + * int32: flags * int32: seqno -- unused * length-encode: plaintext * return: @@ -164,7 +164,7 @@ enum gssMaggotOp { /* * input: * int32: hContext - * int32: flags -- unused + * int32: flags * int32: seqno -- unused * length-encode: ciphertext * return: @@ -177,7 +177,7 @@ enum gssMaggotOp { /* * input: * int32: hContext - * int32: flags -- unused + * int32: flags * int32: seqno -- unused * length-encode: message * length-encode: signature @@ -229,7 +229,7 @@ enum gssMaggotOp { * return1: * int16: log port number * int32: master log prototocol version (0) - * + * * wait for master to connect on the master log socket * * return2: 
@@ -259,9 +259,40 @@ enum gssMaggotOp { * int32: gsm status val (GSMERR_NOT_SUPPORTED) */ /* here ended version 7 of the protocol */ + eWrapExt, + /* + * input: + * int32: hContext + * int32: flags + * int32: bflags + * length-encode: protocol header + * length-encode: plaintext + * length-encode: protocol trailer + * return: + * int32: gsm status val + * length-encode: ciphertext + */ + eUnwrapExt, + /* + * input: + * int32: hContext + * int32: flags + * int32: bflags + * length-encode: protocol header + * length-encode: ciphertext + * length-encode: protocol trailer + * return: + * int32: gsm status val + * length-encode: plaintext + */ + /* here ended version 8 of the protocol */ + eLastProtocolMessage }; +/* bflags */ +#define WRAP_EXP_ONLY_HEADER 1 + enum gssMaggotLogOp{ eLogInfo = 0, /* |
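Review bot: The eWrapExt and eUnwrapExt comments list `int32: bflags` without saying which bits exist, and `#define WRAP_EXP_ONLY_HEADER 1` is introduced under a bare `/* bflags */`. A comment such as `/* bflags for eWrapExt/eUnwrapExt: WRAP_EXP_ONLY_HEADER leaves out the padding and trailer buffers (DCE-style) */` would match what the gssmask handlers do with the bit. The `EXP` in the name looks like it was meant to be `EXT`; that is worth confirming before other code starts depending on the spelling. Whether the protocol version constant was raised to match "here ended version 8" is not visible in this hunk.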
