author | no author <devnull@mit.edu> | 2004-01-07 23:25:10 +0000 |
---|---|---|
committer | no author <devnull@mit.edu> | 2004-01-07 23:25:10 +0000 |
commit | c31bf6d84dd9638396a0ee8a9a1ff34ec2d85ca9 (patch) | |
tree | fcbc663b79f288481d3ff2004e7c38282b390c1d /src/include | |
parent | 6670198c5e4945eaabfec95e24b0c47c7d97fc44 (diff) | |
This commit was manufactured by cvs2svn to create tag kfw-2.6-beta1
'kfw-2_6-beta-1'.
git-svn-id: svn://anonsvn.mit.edu/krb5/tags/kfw-2_6-beta-1@15980 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ChangeLog | 241 | ||||
-rw-r--r-- | src/include/Makefile.in | 12 | ||||
-rw-r--r-- | src/include/configure.in | 3 | ||||
-rw-r--r-- | src/include/fake-addrinfo.h | 88 | ||||
-rw-r--r-- | src/include/foreachaddr.c | 14 | ||||
-rw-r--r-- | src/include/k5-int.h | 178 | ||||
-rw-r--r-- | src/include/k5-platform.h | 170 | ||||
-rw-r--r-- | src/include/kerberosIV/ChangeLog | 5 | ||||
-rw-r--r-- | src/include/kerberosIV/krb.h | 4 | ||||
-rw-r--r-- | src/include/krb5.hin | 110 | ||||
-rw-r--r-- | src/include/krb5/ChangeLog | 4 | ||||
-rw-r--r-- | src/include/krb5/kdb.h | 4 | ||||
-rw-r--r-- | src/include/krb5/stock/ChangeLog | 4 | ||||
-rw-r--r-- | src/include/krb5/stock/osconf.h | 2 | ||||
-rw-r--r-- | src/include/port-sockets.h | 15 | ||||
-rw-r--r-- | src/include/win-mac.h | 9 |
16 files changed, 777 insertions, 86 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index a8e7726..f7283b9 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,244 @@
+2004-01-04 Jeffrey Altman <jaltman@mit.edu>
+
+ * win-mac.h: conditionally define strcasecmp/strncasecmp macros
+ only if they do not already exist.
+
+2003-12-18 Jeffrey Altman <jaltman@mit.edu>
+
+ * k5-int.h: add new functions to krb5int_access for use by gssapi
+
+2003-12-15 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-platform.h (SIZE_MAX): Provide default definition if stdint.h
+ doesn't define it.
+
+2003-12-15 Jeffrey Altman <jaltman@mit.edu>
+
+ * win-mac.h: source code written to the C99 standard assumes there
+ are standard definitions for the MAX sizes of C types including
+ size_t. The MAX preprocessor variables are declared in limits.h
+ but limits.h is not included by any of the other header files.
+ We will therefore include it via win-mac.h. We must also add a
+ declaration of SIZE_MAX (for size_t) because Microsoft does not
+ provide one.
+
+2003-12-15 Jeffrey Altman <jaltman@mit.edu>
+
+ * k5-platform.h: apply casts (unsigned char) to the assignments from
+ 64-bit ints to unsigned char fields to avoid warnings
+
+2003-12-13 Ken Raeburn <raeburn@mit.edu>
+
+ * krb5.hin (KRB5_AUTH_CONTEXT_USE_SUBKEY): New macro.
+
+ * k5-int.h (struct krb5_keytypes): Added field required_ctype.
+ (krb5int_c_mandatory_cksumtype): New declaration.
+ (krb5int_generate_and_set_subkey): Declare.
+ (memset) [__GNUC__ && __GLIBC__]: Undef, to reduce compilation
+ warnings in zap() macro with volatile pointer.
+
+ * k5-platform.h: New header file. Manages inline-function and
+ 64-bit support, in platform-specific ways.
+ * fake-addrinfo.h: Include k5-platform.h.
+ (inline): Don't define here.
+ * k5-int.h: Include k5-platform.h.
+ (krb5_ui_8, krb5_int64): New typedefs.
+ (krb5_ser_pack_int64, krb5_ser_unpack_int64): New function decls.
+
+2003-10-08 Tom Yu <tlyu@mit.edu>
+
+ * k5-int.h: Add prototypes for decode_krb5_safe_with_body and
+ encode_krb5_safe_with_body.
+
+2003-08-29 Ken Raeburn <raeburn@mit.edu>
+
+ * fake-addrinfo.h (WRAP_GETADDRINFO, COPY_FIRST_CANONNAME): Don't
+ define on Linux unless HAVE_GETADDRINFO is defined, for libc5
+ compatibility.
+
+2003-08-26 Ken Raeburn <raeburn@mit.edu>
+
+ * foreachaddr.c (foreach_localaddr) [HAVE_IFADDRS_H]: Skip over
+ any returned data structure with a NULL ifa_addr field.
+
+2003-07-31 Jeffrey Altman <jaltman@mit.edu>
+
+ * krb5.hin: krb5_get_host_realm and krb5_free_host_realm should
+ not be labeled as KRB5_PRIVATE. They are required for many
+ applications including OpenAFS and UMich's Kx509. 1.2.8 had them
+ public but the change was never reflected on the trunk.
+
+2003-07-22 Alexandra Ellwood <lxs@mit.edu>
+
+ * fake-addrinfo.h: Don't use broken getaddrinfo on Mac OS X
+
+2003-07-22 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-int.h (krb5int_zap_data, zap): New macros; call memset with
+ volatile cast for now.
+
+2003-07-21 Alexandra Ellwood <lxs@mit.edu>
+
+ * krb5_32.def: Export krb5_principal2salt.
+
+2003-07-09 Alexandra Ellwood <lxs@mit.edu>
+
+ * krb5.hin: Export krb5_get_permitted_enctypes and
+ krb5_set_real_time for Samba.
+
+2003-06-23 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-int.h (struct krb5_cksumtypes): Add new field trunc_size.
+
+2003-06-12 Tom Yu <tlyu@mit.edu>
+
+ * krb5.hin: krb524_init_ets() takes one argument.
+
+2003-06-06 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-int.h (struct srv_dns_entry): Declare.
+ (krb5int_make_srv_query_realm, krb5int_free_srv_dns_data):
+ Declare.
+ (struct _krb5int_access): Add make_srv_query_realm and
+ free_srv_dns_data fields.
+
+2003-06-03 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-int.h (struct _krb5int_access): Add locate_server back in.
+
+2003-05-27 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-int.h (KRB524_SERVICE, KRB524_PORT): Moved here...
+ * krb5.h: ...from here.
+ (krb5_524_convert_creds): Renamed from krb524_convert_creds_kdc,
+ fixed calling convention spec.
+ (krb524_convert_creds_kdc, krb524_init_ets) [KRB5_DEPRECATED]: New
+ macros.
+
+ * Makefile.in (clean-windows): Remove new "timestamp" file when
+ cleaning up.
+
+2003-05-25 Ezra Peisach <epeisach@mit.edu>
+
+ * krb5.hin: Sequence number of krb5_replay_data should be unsigned.
+
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in (krb5.h): Include krb524_err.h.
+ (krb524_err.h): Depend on rebuild-error-tables like krb5_err.h and
+ friends. Add a null command to cause make to recheck the
+ timestamp on the files possibly updated.
+ (clean-unix): Get rid of it.
+ * k5-int.h (KRb5INT_ACCESS_STRUCT_VERSION): Update to 7.
+ (struct ktext) [!defined(ANAME_SZ)]: Declare forward.
+ (krb5int_access): Delete krb5_locate_kdc, krb5_locate_server,
+ krb5_max_dgram_size and timeout fields. Add krb_life_to_time,
+ krb_time_to_life, and krb524_encode_v4tkt function pointer
+ fields. Reorder fields, and add comments.
+ (krb5int_krb_life_to_time, krb5int_krb_time_to_life,
+ krb5int_encode_v4tkt, krb5int_524_sendto_kdc): Declare.
+ * krb5.hin (KRB524_SERVICE, KRB524_PORT): New macros.
+ (struct credentials): Declare forward.
+ (krb524_convert_creds_kdc): Declare.
+
+2003-05-22 Tom Yu <tlyu@mit.edu>
+
+ * k5-int.h: Add prototype for krb5int_auth_con_chkseqnum.
+
+ * krb5.hin: Default KRB5_DEPRECATED to 0. Default KRB5_PRIVATE to
+ 0 on all platforms.
+
+2003-05-22 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: krb5int_populate_gic_opt returns void
+
+2003-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: Prototype krb5int_populate_gic_opt
+
+2003-05-18 Tom Yu <tlyu@mit.edu>
+
+ * k5-int.h: Sequence numbers are now unsigned.
+
+ * krb5.hin: Sequence numbers are now unsigned.
+
+2003-05-16 Ken Raeburn <raeburn@mit.edu>
+
+ * krb5.hin (KRB5_KPASSWD_ACCESSDENIED): New macro.
+ (KRB5_KPASSWD_BAD_VERSION, KRB5_KPASSWD_INITIAL_FLAG_NEEDED): New
+ macros.
+
+2003-05-13 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: Add krb5int_copy_data_contents
+
+2003-05-08 Sam Hartman <hartmans@mit.edu>
+
+ * krb5.hin: Add prototype for krb5_c_string_to_key_with_params
+
+ * k5-int.h: Add s2kparams to krb5_gic_get_as_key_fct
+
+2003-05-07 Sam Hartman <hartmans@mit.edu>
+
+ * krb5.hin: Add KRB5_PADATA_ETYPE_INFO2
+
+2003-05-09 Ken Raeburn <raeburn@mit.edu>
+
+ * k5-int.h (struct _krb5_context): New fields conf_tgs_ktypes,
+ conf_tgs_ktypes_count, use_conf_ktypes.
+
+2003-05-09 Tom Yu <tlyu@mit.edu>
+
+ * krb5.hin: Add krb5_auth_con_getsendsubkey,
+ krb5_auth_con_getrecvsubkey, krb5_auth_con_setsendsubkey,
+ krb5_auth_con_setrecvsubkey. Mark krb5_auth_con_getlocalsubkey
+ and krb5_auth_con_getremotesubkey as deprecated.
+
+2003-05-06 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: Add s2kparams to
+ krb5_etype_info_entry
+ Add encode_etype_info2 and decode_etype_info2
+
+2003-05-02 Ken Raeburn <raeburn@mit.edu>
+
+ * port-sockets.h (inet_ntop) [!_WIN32 && !HAVE_MACSOCK_H]: Define
+ as a macro if not provided by the OS.
+
+2003-04-17 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: Add encode_krb5_setpw_req
+
+2003-04-15 Sam Hartman <hartmans@mit.edu>
+
+ * krb5.hin: Add krb5_set_password
+ Move krb5*_chpw internals to k5int.h
+
+ * k5-int.h: Add prototypes for set-password helper functions
+
+2003-04-07 Ken Raeburn <raeburn@mit.edu>
+
+ * fake-addrinfo.h (getaddrinfo) [NUMERIC_SERVICE_BROKEN]:
+ Overwrite the port number only if a numeric service port was
+ supplied.
+
+2003-04-01 Ken Raeburn <raeburn@mit.edu>
+
+ * fake-addrinfo.h (COPY_FIRST_CANONNAME) [_AIX]: Define.
+ (GET_HOST_BY_NAME) [_AIX]: New version for AIX version of
+ gethostbyname_r.
+ (getaddrinfo) [NUMERIC_SERVICE_BROKEN]: Use "discard" as a dummy
+ service name instead of none at all. Don't check for unsigned
+ value less than zero.
+ (getaddrinfo) [COPY_FIRST_CANONNAME]: Set any ai_canonname fields
+ other than the first one to null.
+ +2003-03-18 Alexandra Ellwood <lxs@mit.edu> + + * configure.in: Use KRB5_AC_NEED_BIND_8_COMPAT to check for bind 9 + and higher. When bind 9 is present, BIND_8_COMPAT needs to be + defined to get bind 8 types. + 2003-03-06 Alexandra Ellwood <lxs@mit.edu> * krb5.h: Removed enumsalwaysint because there are no typed diff --git a/src/include/Makefile.in b/src/include/Makefile.in index df81029..6674a7c 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -31,18 +31,19 @@ $(srcdir)/krb5/autoconf.stmp: $(srcdir)/configure.in cd $(srcdir) && $(AUTOHEADER) --localdir=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS) touch $(srcdir)/krb5/autoconf.stmp -krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \ +krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h echo "/* This file is generated, please don't edit it directly. */" > krb5.h grep SIZEOF krb5/autoconf.h >> krb5.h - cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \ + cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h >> krb5.h # # Build the error table include files: -# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h +# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h -asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h: rebuild-error-tables +asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h: rebuild-error-tables + : $@ rebuild-error-tables: (cd ../lib/krb5/error_tables && $(MAKE) includes) @@ -53,9 +54,10 @@ asn1_err.h: $(SRCTOP)/lib/krb5/error_tables/asn1_err.et kdb5_err.h: $(SRCTOP)/lib/krb5/error_tables/kdb5_err.et krb5_err.h: $(SRCTOP)/lib/krb5/error_tables/krb5_err.et kv5m_err.h: $(SRCTOP)/lib/krb5/error_tables/kv5m_err.et +krb524_err.h: $(SRCTOP)/lib/krb5/error_tables/krb524_err.et clean-unix:: - $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h \ + $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h clean-mac:: 
diff --git a/src/include/configure.in b/src/include/configure.in index 7287f15..71b47ff 100644 --- a/src/include/configure.in +++ b/src/include/configure.in @@ -181,6 +181,9 @@ if test $krb5_cv_has_type_socklen_t = yes; then fi dnl dnl +KRB5_AC_NEED_BIND_8_COMPAT +dnl +dnl AC_ARG_ENABLE([athena], [ --enable-athena build with MIT Project Athena configuration], AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),) diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h index d32802a..79133c2 100644 --- a/src/include/fake-addrinfo.h +++ b/src/include/fake-addrinfo.h @@ -89,8 +89,10 @@ #define FAI_DEFINED #include "port-sockets.h" #include "socket-utils.h" +#include "k5-platform.h" #ifdef S_SPLINT_S +/*@-incondefs@*/ extern int getaddrinfo (/*@in@*/ /*@null@*/ const char *, /*@in@*/ /*@null@*/ const char *, @@ -108,23 +110,28 @@ getnameinfo (const struct sockaddr *addr, socklen_t addrsz, /*@requires (maxSet(h)+1) >= hsz /\ (maxSet(s)+1) >= ssz @*/ /* too hard: maxRead(addr) >= (addrsz-1) */ /*@modifies *h, *s@*/; -extern /*@dependent@*/ char * -gai_strerror (int code) /*@*/; +extern /*@dependent@*/ char *gai_strerror (int code) /*@*/; +/*@=incondefs@*/ #endif -#if defined (__linux__) || defined (_AIX) +#if defined (__APPLE__) && defined (__MACH__) +#undef HAVE_GETADDRINFO +#endif + +#if (defined (__linux__) && defined(HAVE_GETADDRINFO)) || defined (_AIX) /* See comments below. */ # define WRAP_GETADDRINFO /* # define WRAP_GETNAMEINFO */ #endif -#ifdef __linux__ +#if defined (__linux__) && defined(HAVE_GETADDRINFO) # define COPY_FIRST_CANONNAME #endif #ifdef _AIX # define NUMERIC_SERVICE_BROKEN +# define COPY_FIRST_CANONNAME #endif 
@@ -152,6 +159,29 @@ gai_strerror (int code) /*@*/; #define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \ { (HP) = gethostbyaddr ((ADDR), (ADDRLEN), (FAMILY)); (ERR) = h_errno; } #else +#ifdef _AIX /* XXX should have a feature test! */ +#define GET_HOST_BY_NAME(NAME, HP, ERR) \ + { \ + struct hostent my_h_ent; \ + struct hostent_data my_h_ent_data; \ + (HP) = (gethostbyname_r((NAME), &my_h_ent, &my_h_ent_data) \ + ? 0 \ + : &my_h_ent); \ + (ERR) = h_errno; \ + } +/* +#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \ + { \ + struct hostent my_h_ent; \ + struct hostent_data my_h_ent_data; \ + (HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent, \ + &my_h_ent_data) \ + ? 0 \ + : &my_h_ent); \ + (ERR) = my_h_err; \ + } +*/ +#else #ifdef GETHOSTBYNAME_R_RETURNS_INT #define GET_HOST_BY_NAME(NAME, HP, ERR) \ { \ @@ -196,7 +226,8 @@ gai_strerror (int code) /*@*/; my_h_buf, sizeof (my_h_buf), &my_h_err); \ (ERR) = my_h_err; \ } -#endif +#endif /* returns int? */ +#endif /* _AIX */ #endif /* Now do the same for getservby* functions. */ @@ -898,19 +929,19 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint, /* AIX 4.3.3 is broken. (Or perhaps out of date?) If a numeric service is provided, and it doesn't correspond to - a known service name, an error code (for "host not found") is - returned. If the port maps to a known service, all is - well. */ + a known service name for tcp or udp (as appropriate), an error + code (for "host not found") is returned. If the port maps to a + known service for both udp and tcp, all is well. */ if (serv && serv[0] && isdigit(serv[0])) { unsigned long lport; char *end; lport = strtoul(serv, &end, 10); if (!*end) { - if (lport < 0 || lport > 65535) + if (lport > 65535) return EAI_SOCKTYPE; service_is_numeric = 1; service_port = htons(lport); - serv = 0; + serv = "discard"; /* defined for both udp and tcp */ if (hint) socket_type = hint->ai_socktype; } 
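Review bot: The AIX `GET_HOST_BY_NAME` added in the `@@ -152,6 +159,29 @@` hunk hands back a pointer to storage that no longer exists: `my_h_ent` and `my_h_ent_data` are declared inside the macro's own `{ ... }` block, and `(HP)` is set to `&my_h_ent` just before that block closes, so every later read through `HP` touches an out-of-scope automatic object. The result buffers need to live in the caller's scope, for example by having the function that uses the macro declare `struct hostent my_h_ent; struct hostent_data my_h_ent_data;` itself and leaving only the `gethostbyname_r` call in the macro. The callers are outside this hunk, and the non-AIX variants visible as context may follow the same pattern, so they deserve the same check. The commented-out `GET_HOST_BY_ADDR` also assigns `my_h_err`, which it never declares; fix or drop it before it is enabled.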
@@ -948,7 +979,10 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint, approach: If getaddrinfo sets ai_canonname, we'll replace the *first* one with allocated storage, and free up that pointer in freeaddrinfo if it's set; the other ai_canonname fields will be - left untouched. + left untouched. And we'll just pray that the application code + won't mess around with the list structure; if we start doing + that, we'll have to start replacing and freeing all of the + ai_canonname fields. Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133668 . @@ -961,7 +995,9 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint, set, the returned ai_canonname field can be null. The NetBSD 1.5 implementation also does this, if the input hostname is a numeric host address string. That case isn't handled well at - the moment. */ + the moment. + + Libc version 5 didn't have getaddrinfo at all. */ #ifdef COPY_FIRST_CANONNAME /* 
@@ -1017,20 +1053,28 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint, #endif return EAI_MEMORY; } + /* Zap the remaining ai_canonname fields glibc fills in, in + case the application messes around with the list + structure. */ + while ((ai = ai->ai_next) != NULL) + ai->ai_canonname = 0; } #endif #ifdef NUMERIC_SERVICE_BROKEN - for (ai = *result; ai; ai = ai->ai_next) { - if (socket_type != 0 && ai->ai_socktype == 0) - ai->ai_socktype = socket_type; - switch (ai->ai_family) { - case AF_INET: - ((struct sockaddr_in *)ai->ai_addr)->sin_port = service_port; - break; - case AF_INET6: - ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = service_port; - break; + if (service_port != 0) { + for (ai = *result; ai; ai = ai->ai_next) { + if (socket_type != 0 && ai->ai_socktype == 0) + /* Is this check actually needed? */ + ai->ai_socktype = socket_type; + switch (ai->ai_family) { + case AF_INET: + ((struct sockaddr_in *)ai->ai_addr)->sin_port = service_port; + break; + case AF_INET6: + ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = service_port; + break; + } } } #endif diff --git a/src/include/foreachaddr.c b/src/include/foreachaddr.c index 101f8ef..f91034a 100644 --- a/src/include/foreachaddr.c +++ b/src/include/foreachaddr.c @@ -383,6 +383,20 @@ foreach_localaddr (/*@null@*/ void *data, if ((ifp->ifa_flags & IFF_UP) == 0) continue; if (ifp->ifa_flags & IFF_LOOPBACK) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } + if (ifp->ifa_addr == NULL) { + /* Can't use an interface without an address. Linux + apparently does this sometimes. [RT ticket 1770 from + Maurice Massar, also Debian bug 206851, shows the + problem with a PPP link on a newer kernel than I'm + running.] + + Pretend it's not up, so the second pass will skip + it. */ ifp->ifa_flags &= ~IFF_UP; continue; } diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 41c325d..61333e4 100644 --- a/src/include/k5-int.h 
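Review bot: In the `@@ -1017,20 +1053,28 @@` hunk the new guard `if (service_port != 0)` does not distinguish "no numeric service given" from a numeric service of "0". The earlier `@@ -898,19 +929,19 @@` hunk now replaces any numeric `serv` with `"discard"` and sets `service_is_numeric = 1`, so a request for port 0 skips this loop and the results keep the port looked up for "discard" instead of the port the caller asked for. Testing the flag instead, `if (service_is_numeric) {`, matches the ChangeLog wording ("only if a numeric service port was supplied"). The declarations and initial values of `service_port` and `service_is_numeric` are outside both hunks, so confirm the flag starts at 0.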
+++ b/src/include/k5-int.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001 by the Massachusetts Institute of Technology, + * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. * * This software is being provided to you, the LICENSEE, by the @@ -138,6 +138,13 @@ typedef unsigned char u_char; #endif /* HAVE_SYS_TYPES_H */ #endif /* KRB5_SYSTYPES__ */ + +#include "k5-platform.h" +/* not used in krb5.h (yet) */ +typedef UINT64_TYPE krb5_ui_8; +typedef INT64_TYPE krb5_int64; + + #define DEFAULT_PWD_STRING1 "Enter password" #define DEFAULT_PWD_STRING2 "Re-enter password for verification" @@ -282,12 +289,15 @@ typedef struct _krb5_alt_method { * A null-terminated array of this structure is returned by the KDC as * the data part of the ETYPE_INFO preauth type. It informs the * client which encryption types are supported. + * The same data structure is used by both etype-info and etype-info2 + * but s2kparams must be null when encoding etype-info. */ typedef struct _krb5_etype_info_entry { krb5_magic magic; krb5_enctype etype; unsigned int length; krb5_octet *salt; + krb5_data s2kparams; } krb5_etype_info_entry; /* @@ -638,6 +648,7 @@ struct krb5_keytypes { krb5_crypt_func encrypt; krb5_crypt_func decrypt; krb5_str2key_func str2key; + krb5_cksumtype required_ctype; }; struct krb5_cksumtypes { @@ -657,6 +668,12 @@ struct krb5_cksumtypes { kind of messy, but so is the krb5 api. */ const struct krb5_keyhash_provider *keyhash; const struct krb5_hash_provider *hash; + /* This just gets uglier and uglier. In the key derivation case, + we produce an hmac. To make the hmac code work, we can't hack + the output size indicated by the hash provider, but we may want + a truncated hmac. If we want truncation, this is the number of + bytes we truncate to; it should be 0 otherwise. */ + unsigned int trunc_size; }; #define KRB5_CKSUMFLAG_DERIVE 0x0001 
@@ -679,6 +696,10 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long, const krb5_data *, const krb5_data *); +/* Make this a function eventually? */ +#define krb5int_zap_data(ptr, len) memset((volatile void *)ptr, 0, len) +#define zap(p,l) krb5int_zap_data(p,l) + /* A definition of init_state for DES based encryption systems. * sets up an 8-byte IV of all zeros */ @@ -903,6 +924,8 @@ void krb5_free_etype_info /* * End "preauth.h" */ +krb5_error_code +krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *); typedef krb5_error_code (*krb5_gic_get_as_key_fct) (krb5_context, @@ -911,6 +934,7 @@ typedef krb5_error_code (*krb5_gic_get_as_key_fct) krb5_prompter_fct, void *prompter_data, krb5_data *salt, + krb5_data *s2kparams, krb5_keyblock *as_key, void *gak_data); @@ -929,11 +953,17 @@ krb5_get_init_creds int master, krb5_kdc_rep **as_reply); +void krb5int_populate_gic_opt ( + krb5_context, krb5_get_init_creds_opt *, + krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes, + krb5_preauthtype *pre_auth_types); + krb5_error_code krb5_do_preauth (krb5_context, krb5_kdc_req *, krb5_pa_data **, krb5_pa_data ***, - krb5_data *, krb5_enctype *, + krb5_data *salt, krb5_data *s2kparams, + krb5_enctype *, krb5_keyblock *, krb5_prompter_fct, void *, krb5_gic_get_as_key_fct, void *); @@ -1005,6 +1035,17 @@ struct _krb5_context { absolute limit on the UDP packet size. */ int udp_pref_limit; + /* This is the tgs_ktypes list as read from the profile, or + set to compiled-in defaults. The application code cannot + override it. This is used for session keys for + intermediate ticket-granting tickets used to acquire the + requested ticket (the session key of which may be + constrained by tgs_ktypes above). */ + krb5_enctype *conf_tgs_ktypes; + int conf_tgs_ktypes_count; + /* Use the _configured version? */ + krb5_boolean use_conf_ktypes; + #ifdef KRB5_DNS_LOOKUP krb5_boolean profile_in_memory; #endif /* KRB5_DNS_LOOKUP */ 
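Review bot: The `krb5int_zap_data` macro added in the `@@ -679,6 +696,10 @@` hunk does not guarantee that key material is actually cleared: `memset` takes a plain `void *`, so the `(volatile void *)` cast is dropped at the call (the likely source of the warnings the ChangeLog mentions) and the compiler may still remove the store when the buffer is not read afterwards. The macro also expands `ptr` and `len` without parentheses. Since k5-int.h now includes k5-platform.h, which makes `inline` usable, a small function that writes through a volatile lvalue would do the job; `zap` stays as it is.

```c
/* Clear LEN bytes at PTR; the volatile stores keep the compiler from dropping them. */
static inline void
krb5int_zap_data(void *ptr, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)ptr;

    while (len-- > 0)
        *p++ = 0;
}
#define zap(p,l) krb5int_zap_data(p,l)
```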
@@ -1023,7 +1064,7 @@ typedef struct _krb5_safe { krb5_timestamp timestamp; /* client time, optional */ krb5_int32 usec; /* microsecond portion of time, optional */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_address *s_address; /* sender address */ krb5_address *r_address; /* recipient address, optional */ krb5_checksum *checksum; /* data integrity checksum */ @@ -1039,7 +1080,7 @@ typedef struct _krb5_priv_enc_part { krb5_data user_data; /* user data */ krb5_timestamp timestamp; /* client time, optional */ krb5_int32 usec; /* microsecond portion of time, opt. */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_address *s_address; /* sender address */ krb5_address *r_address; /* recipient address, optional */ } krb5_priv_enc_part; @@ -1189,6 +1230,9 @@ krb5_error_code encode_krb5_kdc_req_body krb5_error_code encode_krb5_safe (const krb5_safe *rep, krb5_data **code); +krb5_error_code encode_krb5_safe_with_body + (const krb5_safe *rep, const krb5_data *body, krb5_data **code); + krb5_error_code encode_krb5_priv (const krb5_priv *rep, krb5_data **code); @@ -1221,6 +1265,8 @@ krb5_error_code encode_krb5_alt_method krb5_error_code encode_krb5_etype_info (const krb5_etype_info_entry **, krb5_data **code); +krb5_error_code encode_krb5_etype_info2 + (const krb5_etype_info_entry **, krb5_data **code); krb5_error_code encode_krb5_enc_data (const krb5_enc_data *, krb5_data **); @@ -1270,6 +1316,9 @@ krb5_error_code encode_krb5_sam_response krb5_error_code encode_krb5_predicted_sam_response (const krb5_predicted_sam_response * , krb5_data **); +krb5_error_code encode_krb5_setpw_req +(const krb5_principal target, char *password, krb5_data **code); + /************************************************************************* * End of prototypes for krb5_encode.c *************************************************************************/ 
@@ -1363,6 +1412,9 @@ krb5_error_code decode_krb5_kdc_req_body krb5_error_code decode_krb5_safe (const krb5_data *output, krb5_safe **rep); +krb5_error_code decode_krb5_safe_with_body + (const krb5_data *output, krb5_safe **rep, krb5_data *body); + krb5_error_code decode_krb5_priv (const krb5_data *output, krb5_priv **rep); @@ -1396,6 +1448,9 @@ krb5_error_code decode_krb5_alt_method krb5_error_code decode_krb5_etype_info (const krb5_data *output, krb5_etype_info_entry ***rep); +krb5_error_code decode_krb5_etype_info2 + (const krb5_data *output, krb5_etype_info_entry ***rep); + krb5_error_code decode_krb5_enc_data (const krb5_data *output, krb5_enc_data **rep); @@ -1448,6 +1503,8 @@ krb5_error_code krb5_encode_kdc_rep krb5_error_code krb5_validate_times (krb5_context, krb5_ticket_times *); +krb5_boolean krb5int_auth_con_chkseqnum + (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq); /* * [De]Serialization Handle and operations. */ @@ -1537,6 +1594,11 @@ krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32 (krb5_int32 *, krb5_octet **, size_t *); +/* [De]serialize 8-byte integer */ +krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64 + (krb5_int64, krb5_octet **, size_t *); +krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64 + (krb5_int64 *, krb5_octet **, size_t *); /* [De]serialize byte string */ krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes (krb5_octet *, 
@@ -1559,7 +1621,46 @@ krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default void krb5int_set_prompt_types (krb5_context, krb5_prompt_type *); - +krb5_error_code +krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context, + krb5_keyblock * /* Old keyblock, not new! */); + +/* set and change password helpers */ + +krb5_error_code krb5int_mk_chpw_req + (krb5_context context, krb5_auth_context auth_context, + krb5_data *ap_req, char *passwd, krb5_data *packet); +krb5_error_code krb5int_rd_chpw_rep + (krb5_context context, krb5_auth_context auth_context, + krb5_data *packet, int *result_code, + krb5_data *result_data); +krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string + (krb5_context context, int result_code, + char **result_codestr); +krb5_error_code krb5int_mk_setpw_req + (krb5_context context, krb5_auth_context auth_context, + krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet); +krb5_error_code krb5int_rd_setpw_rep + (krb5_context context, krb5_auth_context auth_context, + krb5_data *packet, int *result_code, + krb5_data *result_data); +krb5_error_code krb5int_setpw_result_code_string + (krb5_context context, int result_code, + const char **result_codestr); + +struct srv_dns_entry { + struct srv_dns_entry *next; + int priority; + int weight; + unsigned short port; + char *host; +}; +krb5_error_code +krb5int_make_srv_query_realm(const krb5_data *realm, + const char *service, + const char *protocol, + struct srv_dns_entry **answers); +void krb5int_free_srv_dns_data(struct srv_dns_entry *); #if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) #pragma import reset 
@@ -1577,26 +1678,24 @@ void krb5int_set_prompt_types /* To keep happy libraries which are (for now) accessing internal stuff */ /* Make sure to increment by one when changing the struct */ -#define KRB5INT_ACCESS_STRUCT_VERSION 6 +#define KRB5INT_ACCESS_STRUCT_VERSION 8 +#ifndef ANAME_SZ +struct ktext; /* from krb.h, for krb524 support */ +#endif typedef struct _krb5int_access { - krb5_error_code (*krb5_locate_kdc) (krb5_context, const krb5_data *, - struct addrlist *, int, int, int); - krb5_error_code (*krb5_locate_server) (krb5_context, const krb5_data *, - struct addrlist *, int, - const char *, const char *, - int, int, int, int); - void (*free_addrlist) (struct addrlist *); - unsigned int krb5_max_skdc_timeout; - unsigned int krb5_skdc_timeout_shift; - unsigned int krb5_skdc_timeout_1; - unsigned int krb5_max_dgram_size; + /* crypto stuff */ const struct krb5_hash_provider *md5_hash_provider; const struct krb5_enc_provider *arcfour_enc_provider; krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash, const krb5_keyblock *key, unsigned int icount, const krb5_data *input, krb5_data *output); + /* service location and communication */ + krb5_error_code (*locate_server) (krb5_context, const krb5_data *, + struct addrlist *, int, + const char *, const char *, + int, int, int, int); krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, const struct addrlist *, krb5_data *reply, struct sockaddr *, socklen_t *); 
@@ -1604,6 +1703,24 @@ typedef struct _krb5int_access { const char *hostname, int port, int secport, int socktype, int family); + void (*free_addrlist) (struct addrlist *); + + krb5_error_code (*make_srv_query_realm)(const krb5_data *realm, + const char *service, + const char *protocol, + struct srv_dns_entry **answers); + void (*free_srv_dns_data)(struct srv_dns_entry *); + + /* krb4 compatibility stuff -- may be null if not enabled */ + krb5_int32 (*krb_life_to_time)(krb5_int32, int); + int (*krb_time_to_life)(krb5_int32, krb5_int32); + int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *); + krb5_error_code (*krb5int_c_mandatory_cksumtype) + (krb5_context, krb5_enctype, krb5_cksumtype *); + krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64) + (krb5_int64, krb5_octet **, size_t *); + krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64) + (krb5_int64 *, krb5_octet **, size_t *); } krb5int_access; #define KRB5INT_ACCESS_VERSION \ @@ -1613,6 +1730,29 @@ typedef struct _krb5int_access { krb5_error_code KRB5_CALLCONV krb5int_accessor (krb5int_access*, krb5_int32); +/* Ick -- some krb524 and krb4 support placed in the krb5 library, + because AFS (and potentially other applications?) use the krb4 + object as an opaque token, which (in some implementations) is not + in fact a krb4 ticket, so we don't want to drag in the krb4 support + just to enable this. */ + +#define KRB524_SERVICE "krb524" +#define KRB524_PORT 4444 + +/* v4lifetime.c */ +extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int); +extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32); + +/* conv_creds.c */ +int krb5int_encode_v4tkt + (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); + +/* send524.c */ +int krb5int_524_sendto_kdc + (krb5_context context, const krb5_data * message, + const krb5_data * realm, krb5_data * reply, + struct sockaddr *, socklen_t *); + /* temporary -- this should be under lib/krb5/ccache somewhere */ struct _krb5_ccache { 
@@ -1744,4 +1884,8 @@ extern const krb5_kt_ops krb5_kt_dfl_ops; extern krb5_error_code krb5int_translate_gai_error (int); +/* Not sure it's ready for exposure just yet. */ +extern krb5_error_code +krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *); + #endif /* _KRB5_INT_H */ diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h new file mode 100644 index 0000000..c4cc7bb --- /dev/null +++ b/src/include/k5-platform.h 
@@ -0,0 +1,170 @@ +/* + * k5-platform.h + * + * Copyright 2003 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Some platform-dependent definitions to sync up the C support level. + * Some to a C99-ish level, some related utility code. + * + * Currently: make "static inline" work; 64-bit types and load/store + * code; SIZE_MAX. + */ + +#ifndef K5_PLATFORM_H +#define K5_PLATFORM_H + +#if !defined(inline) +# if __STDC_VERSION__ >= 199901L +/* C99 supports inline, don't do anything. */ +# elif defined(__GNUC__) +# define inline __inline__ /* this form silences -pedantic warnings */ +# elif defined(__mips) && defined(__sgi) +# define inline __inline /* IRIX used at MIT does inline but not c99 yet */ +# elif defined(__sun) && __SUNPRO_C >= 0x540 +/* The Forte Developer 7 C compiler supports "inline". 
*/ +# elif defined(_WIN32) +# define inline __inline +# else +# define inline /* nothing, just static */ +# endif +#endif + +#include "autoconf.h" + +/* 64-bit support: krb5_ui_8 and krb5_int64. + + This should move to krb5.h eventually, but without the namespace + pollution from the autoconf macros. */ +#if defined(HAVE_STDINT_H) || defined(HAVE_INTTYPES_H) +# ifdef HAVE_STDINT_H +# include <stdint.h> +# endif +# ifdef HAVE_INTTYPES_H +# include <inttypes.h> +# endif +# define INT64_TYPE int64_t +# define UINT64_TYPE uint64_t +#elif defined(_WIN32) +# define INT64_TYPE signed __int64 +# define UINT64_TYPE unsigned __int64 +#else /* not Windows, and neither stdint.h nor inttypes.h */ +# define INT64_TYPE signed long long +# define UINT64_TYPE unsigned long long +#endif + +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t)((size_t)0 - 1)) +#endif + +/* Read and write integer values as (unaligned) octet strings in + specific byte orders. + + Add per-platform optimizations later if needed. (E.g., maybe x86 + unaligned word stores and gcc/asm instructions for byte swaps, + etc.) 
*/ + +static inline void +store_16_be (unsigned int val, unsigned char *p) +{ + p[0] = (val >> 8) & 0xff; + p[1] = (val ) & 0xff; +} +static inline void +store_16_le (unsigned int val, unsigned char *p) +{ + p[1] = (val >> 8) & 0xff; + p[0] = (val ) & 0xff; +} +static inline void +store_32_be (unsigned int val, unsigned char *p) +{ + p[0] = (val >> 24) & 0xff; + p[1] = (val >> 16) & 0xff; + p[2] = (val >> 8) & 0xff; + p[3] = (val ) & 0xff; +} +static inline void +store_32_le (unsigned int val, unsigned char *p) +{ + p[3] = (val >> 24) & 0xff; + p[2] = (val >> 16) & 0xff; + p[1] = (val >> 8) & 0xff; + p[0] = (val ) & 0xff; +} +static inline void +store_64_be (UINT64_TYPE val, unsigned char *p) +{ + p[0] = (unsigned char)((val >> 56) & 0xff); + p[1] = (unsigned char)((val >> 48) & 0xff); + p[2] = (unsigned char)((val >> 40) & 0xff); + p[3] = (unsigned char)((val >> 32) & 0xff); + p[4] = (unsigned char)((val >> 24) & 0xff); + p[5] = (unsigned char)((val >> 16) & 0xff); + p[6] = (unsigned char)((val >> 8) & 0xff); + p[7] = (unsigned char)((val ) & 0xff); +} +static inline void +store_64_le (UINT64_TYPE val, unsigned char *p) +{ + p[7] = (unsigned char)((val >> 56) & 0xff); + p[6] = (unsigned char)((val >> 48) & 0xff); + p[5] = (unsigned char)((val >> 40) & 0xff); + p[4] = (unsigned char)((val >> 32) & 0xff); + p[3] = (unsigned char)((val >> 24) & 0xff); + p[2] = (unsigned char)((val >> 16) & 0xff); + p[1] = (unsigned char)((val >> 8) & 0xff); + p[0] = (unsigned char)((val ) & 0xff); +} +static inline unsigned short +load_16_be (unsigned char *p) +{ + return (p[1] | (p[0] << 8)); +} +static inline unsigned short +load_16_le (unsigned char *p) +{ + return (p[0] | (p[1] << 8)); +} +static inline unsigned int +load_32_be (unsigned char *p) +{ + return (p[3] | (p[2] << 8) | (p[1] << 16) | (p[0] << 24)); +} +static inline unsigned int +load_32_le (unsigned char *p) +{ + return (p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24)); +} +static inline UINT64_TYPE +load_64_be 
(unsigned char *p) +{ + return ((UINT64_TYPE)load_32_be(p) << 32) | load_32_be(p+4); +} +static inline UINT64_TYPE +load_64_le (unsigned char *p) +{ + return ((UINT64_TYPE)load_32_le(p+4) << 32) | load_32_le(p); +} + +#endif /* K5_PLATFORM_H */ diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index baa927a..226443b 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,8 @@ +2003-09-23 Jeffrey Altman <jaltman@mit.edu> + + * krb.h: Modify the declaration of the CREDENTIALS structure to + support the additional address field used on Windows. + 2003-03-06 Alexandra Ellwood <lxs@mit.edu> * des.h, krb.h: Removed deprecated KfM functions. They will be exported but not in the headers to discourage new callers. Removed diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h index 26ac086..a79df13 100644 --- a/src/include/kerberosIV/krb.h +++ b/src/include/kerberosIV/krb.h @@ -122,6 +122,7 @@ extern const char * const krb_err_txt[MAX_KRB_ERRORS]; #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 +#define ADDR_SZ 40 /* * NB: This overcounts due to NULs. */ @@ -209,6 +210,9 @@ struct credentials { KRB_UINT32 address; /* Address in ticket */ KRB_UINT32 stk_type; /* string_to_key function needed */ #endif +#ifdef _WIN32 + char address[ADDR_SZ]; /* Address in ticket */ +#endif }; typedef struct credentials CREDENTIALS; diff --git a/src/include/krb5.hin b/src/include/krb5.hin index eece828..ea2fcd6 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin 
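Review bot: In `load_32_be` and `load_32_le` the top byte is shifted as a promoted `int`, so `p[0] << 24` (and `p[3] << 24` in the little-endian form) is undefined behaviour on a 32-bit `int` whenever that byte is 0x80 or larger. These helpers decode octet strings, where a set high bit is an ordinary input, and `load_64_be`/`load_64_le` inherit the problem through their calls. Casting before the shift fixes it: `return (p[3] | (p[2] << 8) | (p[1] << 16) | ((unsigned int)p[0] << 24));`, with the mirrored `((unsigned int)p[3] << 24)` in `load_32_le`. The `load_*` functions only read through `p`, so the parameter could also be `const unsigned char *p`.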
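Review bot: The new `char address[ADDR_SZ];` member under `#ifdef _WIN32` in `struct credentials` reuses the name of the `KRB_UINT32 address;` member in the conditional block just above it, whose controlling `#if` is outside this hunk. If both conditions can hold on a Windows build the struct will not compile, so the two guards should be made explicitly exclusive. The member also changes the size of `CREDENTIALS` on Windows, which code built against the older header would not expect. Because it is a fixed 40-byte buffer, the comment should state the contract, e.g. `/* Address in ticket, NUL-terminated string */`, if that is what the Windows code stores there.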
@@ -56,8 +56,13 @@ #ifndef KRB5_GENERAL__ #define KRB5_GENERAL__ +/* By default, do not expose deprecated interfaces. */ #ifndef KRB5_DEPRECATED -#define KRB5_DEPRECATED 1 /* Expose deprecated things for now. */ +#define KRB5_DEPRECATED 0 +#endif +/* Do not expose private interfaces. Build system will override. */ +#ifndef KRB5_PRIVATE +#define KRB5_PRIVATE 0 #endif #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) @@ -65,20 +70,6 @@ # if TARGET_RT_MAC_CFM # error "Use KfM 4.0 SDK headers for CFM compilation." # endif - -# ifndef KRB5_PRIVATE /* Allow e.g. build system to override */ -# define KRB5_PRIVATE 0 -# endif -#else -#if defined(_WIN32) -# ifndef KRB5_PRIVATE -# define KRB5_PRIVATE 0 -# endif -#else -# ifndef KRB5_PRIVATE -# define KRB5_PRIVATE 1 -# endif -#endif #endif #if defined(_MSDOS) || defined(_WIN32) @@ -491,6 +482,13 @@ krb5_error_code KRB5_CALLCONV (krb5_context context, krb5_enctype enctype, const krb5_data *string, const krb5_data *salt, krb5_keyblock *key); +krb5_error_code KRB5_CALLCONV +krb5_c_string_to_key_with_params(krb5_context context, + krb5_enctype enctype, + const krb5_data *string, + const krb5_data *salt, + const krb5_data *params, + krb5_keyblock *key); krb5_error_code KRB5_CALLCONV krb5_c_enctype_compare @@ -874,7 +872,7 @@ krb5_error_code krb5_decrypt_data #define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ #define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */ #define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */ - +#define KRB5_PADATA_ETYPE_INFO2 19 #define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ #define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ 
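Review bot: `krb5_c_string_to_key_with_params` is added to the public header with no description of `params`: the prototype does not say whether it may be NULL or what encoding it carries for a given enctype. This argument feeds key derivation, so callers need to know which values are accepted and what happens when it is omitted. I would add a short comment above the prototype, for example `/* params: enctype-specific string-to-key parameters; NULL selects the defaults */`, adjusted to what the implementation actually accepts.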
@@ -902,6 +900,11 @@ krb5_error_code krb5_decrypt_data #define KRB5_KPASSWD_HARDERROR 2 #define KRB5_KPASSWD_AUTHERROR 3 #define KRB5_KPASSWD_SOFTERROR 4 +/* These are Microsoft's extensions in RFC 3244, and it looks like + they'll become standardized, possibly with other additions. */ +#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */ +#define KRB5_KPASSWD_BAD_VERSION 6 +#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */ /* * end "proto.h" @@ -962,7 +965,7 @@ typedef struct _krb5_authenticator { krb5_int32 cusec; /* client usec portion */ krb5_timestamp ctime; /* client sec portion */ krb5_keyblock *subkey; /* true session key, optional */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_authdata **authorization_data; /* New add by Ari, auth data */ } krb5_authenticator; @@ -1088,7 +1091,7 @@ typedef struct _krb5_ap_rep_enc_part { krb5_timestamp ctime; /* client time, seconds portion */ krb5_int32 cusec; /* client time, microseconds portion */ krb5_keyblock *subkey; /* true session key, optional */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ } krb5_ap_rep_enc_part; typedef struct _krb5_response { @@ -1152,11 +1155,12 @@ typedef struct _krb5_pwd_data { #define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 #define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 +#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 typedef struct krb5_replay_data { krb5_timestamp timestamp; krb5_int32 usec; - krb5_int32 seq; + krb5_ui_4 seq; } krb5_replay_data; /* flags for krb5_auth_con_genaddrs() */ @@ -1166,7 +1170,7 @@ typedef struct krb5_replay_data { #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 /* type of function used as a callback to generate checksum data for - * mk_req*/ + * mk_req */ typedef krb5_error_code (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, 
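Review bot: `seq_number` in `krb5_authenticator` changes from `krb5_int32` to `krb5_ui_4` while its comment stays `/* sequence #, optional */`, and the same change is made to `krb5_ap_rep_enc_part.seq_number` and `krb5_replay_data.seq` in the following hunks. Existing callers that copy these fields into `krb5_int32` variables or compare them with signed values will now get implicit sign conversions, which matters if the value is used for ordering or replay checks, as the field names suggest. I would record the type in the comment, e.g. `/* sequence #, optional; unsigned 32-bit */`, and have the call sites checked for signed comparisons. Both structs begin above their hunks.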
@@ -1407,9 +1411,12 @@ krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes (krb5_context, krb5_const_principal, krb5_enctype **); +#endif -krb5_error_code krb5_get_permitted_enctypes +krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes (krb5_context, krb5_enctype **); + +#if KRB5_PRIVATE void KRB5_CALLCONV krb5_free_ktypes (krb5_context, krb5_enctype *); @@ -1632,7 +1639,7 @@ krb5_error_code krb5_generate_subkey const krb5_keyblock *, krb5_keyblock **); krb5_error_code krb5_generate_seq_number (krb5_context, - const krb5_keyblock *, krb5_int32 *); + const krb5_keyblock *, krb5_ui_4 *); #endif krb5_error_code KRB5_CALLCONV krb5_get_server_rcache (krb5_context, @@ -1658,17 +1665,13 @@ krb5_error_code KRB5_CALLCONV krb5_524_conv_principal (krb5_context context, krb5_const_principal princ, char *name, char *inst, char *realm); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_mk_chpw_req - (krb5_context context, krb5_auth_context auth_context, - krb5_data *ap_req, char *passwd, krb5_data *packet); -krb5_error_code KRB5_CALLCONV krb5_rd_chpw_rep - (krb5_context context, krb5_auth_context auth_context, - krb5_data *packet, int *result_code, - krb5_data *result_data); -krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string - (krb5_context context, int result_code, - char **result_codestr); +struct credentials; +int KRB5_CALLCONV krb5_524_convert_creds + (krb5_context context, krb5_creds *v5creds, + struct credentials *v4creds); +#if KRB5_DEPRECATED +#define krb524_convert_creds_kdc krb5_524_convert_creds +#define krb524_init_ets(x) (0) #endif /* libkt.spec */ @@ -1708,10 +1711,10 @@ krb5_error_code KRB5_CALLCONV krb5_kt_add_entry (krb5_context, krb5_keytab, krb5_keytab_entry * ); -#if KRB5_PRIVATE krb5_error_code krb5_principal2salt (krb5_context, krb5_const_principal, krb5_data *); +#if KRB5_PRIVATE krb5_error_code krb5_principal2salt_norealm (krb5_context, krb5_const_principal, krb5_data *); 
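Review bot: `krb5_principal2salt` is moved out of the `#if KRB5_PRIVATE` block and so becomes public, but unlike `krb5_get_permitted_enctypes` in the first hunk of this line it does not gain `KRB5_CALLCONV`. win-mac.h in this commit defines `KRB5_CALLCONV` as `__stdcall`, so on Windows a public entry point without the annotation uses a different calling convention from the rest of the exported API. I would declare it as `krb5_error_code KRB5_CALLCONV krb5_principal2salt`, with the matching change at the definition, which is not visible here.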
@@ -1871,6 +1874,14 @@ krb5_change_password (krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string); +krb5_error_code KRB5_CALLCONV +krb5_set_password + (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for, + int *result_code, krb5_data *result_code_string, krb5_data *result_string); +krb5_error_code KRB5_CALLCONV +krb5_set_password_using_ccache + (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for, + int *result_code, krb5_data *result_code_string, krb5_data *result_string); #if KRB5_PRIVATE #ifndef macintosh @@ -2152,11 +2163,30 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey krb5_auth_context, krb5_keyblock **); +krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey( + krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey( + krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey( + krb5_context, krb5_auth_context, krb5_keyblock *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey( + krb5_context, krb5_auth_context, krb5_keyblock *); + +#if KRB5_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey (krb5_context, krb5_auth_context, krb5_keyblock **); +krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey + (krb5_context, + krb5_auth_context, + krb5_keyblock **); +#endif + #if KRB5_PRIVATE krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype (krb5_context, @@ -2224,11 +2254,6 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator krb5_auth_context, krb5_authenticator **); -krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); - #define KRB5_REALM_BRANCH_CHAR '.' /* 
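Review bot: The four new accessors `krb5_auth_con_getsendsubkey`, `krb5_auth_con_getrecvsubkey`, `krb5_auth_con_setsendsubkey` and `krb5_auth_con_setrecvsubkey` are declared without any statement of key ownership. From the prototypes alone a caller cannot tell whether the getters return a copy that must be freed or a pointer into the auth context, or whether the setters copy the keyblock they are given. Getting this wrong leaks key material or frees it twice. A one-line comment per pair would settle it, for example `/* caller frees *keyblock with krb5_free_keyblock() */` on the getters if they do return a copy.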
@@ -2257,7 +2282,6 @@ krb5_error_code KRB5_CALLCONV krb5_aname_to_localname krb5_const_principal, int, char * ); -#if KRB5_PRIVATE krb5_error_code KRB5_CALLCONV krb5_get_host_realm (krb5_context, const char *, @@ -2265,6 +2289,7 @@ krb5_error_code KRB5_CALLCONV krb5_get_host_realm krb5_error_code KRB5_CALLCONV krb5_free_host_realm (krb5_context, char * const * ); +#if KRB5_PRIVATE krb5_error_code KRB5_CALLCONV krb5_get_realm_domain (krb5_context, const char *, @@ -2293,9 +2318,12 @@ krb5_error_code krb5_make_fulladdr krb5_address *, krb5_address *, krb5_address *); +#endif -krb5_error_code krb5_set_real_time +krb5_error_code KRB5_CALLCONV krb5_set_real_time (krb5_context, krb5_int32, krb5_int32); + +#if KRB5_PRIVATE krb5_error_code krb5_set_debugging_time (krb5_context, krb5_int32, krb5_int32); krb5_error_code krb5_use_natural_time diff --git a/src/include/krb5/ChangeLog b/src/include/krb5/ChangeLog index ff3d7b3..72dc6e4 100644 --- a/src/include/krb5/ChangeLog +++ b/src/include/krb5/ChangeLog @@ -1,3 +1,7 @@ +2003-05-25 Ezra Peisach <epeisach@mit.edu> + + * kdb.h: Add prototype for krb5_db_iterate_ext. + 2003-03-05 Tom Yu <tlyu@mit.edu> * kdb_kt.h: Add krb5_ktkdb_set_context. Update prototype of diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h index 1670b54..73a3972 100644 --- a/src/include/krb5/kdb.h +++ b/src/include/krb5/kdb.h @@ -212,6 +212,10 @@ krb5_error_code krb5_db_iterate (krb5_context, krb5_error_code (* ) (krb5_pointer, krb5_db_entry *), krb5_pointer); +krb5_error_code krb5_db_iterate_ext (krb5_context, + krb5_error_code (* ) (krb5_pointer, + krb5_db_entry *), + krb5_pointer, int, int); krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal, krb5_keyblock *); krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal, diff --git a/src/include/krb5/stock/ChangeLog b/src/include/krb5/stock/ChangeLog index 3c7bb4f..bd0d76f 100644 --- a/src/include/krb5/stock/ChangeLog +++ b/src/include/krb5/stock/ChangeLog 
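Review bot: `krb5_db_iterate_ext` in kdb.h adds two trailing `int` parameters that are unnamed and undocumented, so nothing in the header tells a caller what they select. Naming them in the prototype and adding a one-line comment on their meaning and valid values would keep callers from passing them in the wrong order, which the compiler cannot catch for two plain ints.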
@@ -1,3 +1,7 @@ +2003-05-29 Ken Raeburn <raeburn@mit.edu> + + * osconf.h (DEFAULT_KDC_ENCTYPE): Default to des3 now. + 2003-03-06 Alexandra Ellwood <lxs@mit.edu> * osconf.h: Added DEFAULT_SECURE_PROFILE_PATH so that KfM will only diff --git a/src/include/krb5/stock/osconf.h b/src/include/krb5/stock/osconf.h index b56d057..876e9f2 100644 --- a/src/include/krb5/stock/osconf.h +++ b/src/include/krb5/stock/osconf.h @@ -64,7 +64,7 @@ #define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf" #define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" -#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES_CBC_CRC +#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1 #define KDCRCACHE "dfl:krb5kdc_rcache" #define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */ diff --git a/src/include/port-sockets.h b/src/include/port-sockets.h index 3448966..eb87bc1 100644 --- a/src/include/port-sockets.h +++ b/src/include/port-sockets.h @@ -153,6 +153,21 @@ typedef struct iovec sg_buf; #define SHUTDOWN_WRITE 1 #define SHUTDOWN_BOTH 2 +#ifndef HAVE_INET_NTOP +#define inet_ntop(AF,SRC,DST,CNT) \ + ((AF) == AF_INET \ + ? ((CNT) < 16 \ + ? (SOCKET_SET_ERRNO(ENOSPC), NULL) \ + : (sprintf((DST), "%d.%d.%d.%d", \ + ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \ + ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \ + ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \ + ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \ + (DST))) \ + : (SOCKET_SET_ERRNO(EAFNOSUPPORT), NULL)) +#define HAVE_INET_NTOP +#endif + #endif /* HAVE_MACSOCK_H */ #endif /* _WIN32 */ diff --git a/src/include/win-mac.h b/src/include/win-mac.h index b6cf96d..4cf155e 100644 --- a/src/include/win-mac.h +++ b/src/include/win-mac.h 
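Review bot: `DEFAULT_KDC_ENCTYPE` in osconf.h moves from `ENCTYPE_DES_CBC_CRC` to `ENCTYPE_DES3_CBC_SHA1` with no comment at the definition saying what the default governs or that it changed. Deployments that relied on the compiled-in default rather than an explicit setting may now get a different enctype from the one their existing data was created with. Whether that happens depends on how the constant is consumed, which this hunk does not show. I would add a comment beside the define, such as `/* compiled-in default; was ENCTYPE_DES_CBC_CRC before 2003-05-29 */`, and describe the upgrade behaviour wherever the constant is used.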
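Review bot: The fallback `inet_ntop` macro in port-sockets.h evaluates `DST` twice and `SRC` four times, so an argument with side effects behaves differently from the real function. The `(CNT) < 16` check does cover the longest dotted quad plus its terminator, so the `sprintf` is bounded today. But the bound and the format string are tied together only by convention inside a macro, which is easy to break in a later edit. I would move the body into a small static function that takes each argument once and keep the macro as a forwarder; the function name below is only a suggestion.

```c
static const char *
k5_inet_ntop4(int af, const void *src, char *dst, size_t cnt)
{
    const unsigned char *a = src;

    if (af != AF_INET) {
        SOCKET_SET_ERRNO(EAFNOSUPPORT);
        return NULL;
    }
    if (cnt < 16) {             /* "255.255.255.255" plus NUL */
        SOCKET_SET_ERRNO(ENOSPC);
        return NULL;
    }
    sprintf(dst, "%d.%d.%d.%d", a[0], a[1], a[2], a[3]);
    return dst;
}
#define inet_ntop(AF,SRC,DST,CNT) k5_inet_ntop4((AF), (SRC), (DST), (CNT))
```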
@@ -30,9 +30,14 @@ #define SIZEOF_LONG 4 #include <windows.h> +#include <limits.h> #define HAVE_LABS +#ifndef SIZE_MAX /* in case Microsoft defines max size of size_t */ +#define SIZE_MAX UINT_MAX +#endif + #ifndef KRB5_CALLCONV # define KRB5_CALLCONV __stdcall # define KRB5_CALLCONV_C __cdecl @@ -145,8 +150,12 @@ typedef unsigned char u_char; /* * Functions with slightly different names on the PC */ +#ifndef strcasecmp #define strcasecmp stricmp +#endif +#ifndef strncasecmp #define strncasecmp strnicmp +#endif HINSTANCE get_lib_instance(void); |
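Review bot: The fallback `#define SIZE_MAX UINT_MAX` in win-mac.h has type `unsigned int` and equals the real limit only while `size_t` is 32 bits wide, whereas k5-platform.h in this same commit uses `((size_t)((size_t)0 - 1))`, which is right for any width. Both definitions are guarded by `#ifndef SIZE_MAX`, so whichever header is seen first wins, and length or allocation checks written against `SIZE_MAX` could see different values on a target with a wider `size_t`. I would use the same expression here, `#define SIZE_MAX ((size_t)((size_t)0 - 1))`, or drop this definition and rely on the one in k5-platform.h.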