authorno author <devnull@mit.edu>2004-05-17 19:28:46 +0000
committerno author <devnull@mit.edu>2004-05-17 19:28:46 +0000
commitef4d928fc937a354577c397ec8e723e920ff7351 (patch)
tree8ed7a02bd110ed46492e88c6e67d1997bbde297f /src/lib/krb5/krb
parent6670198c5e4945eaabfec95e24b0c47c7d97fc44 (diff)
This commit was manufactured by cvs2svn to create tag 'kfw-2_6_2-beta-2'. [kfw-2.6.2-beta2]
git-svn-id: svn://anonsvn.mit.edu/krb5/tags/kfw-2_6_2-beta-2@16344 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r--src/lib/krb5/krb/.Sanitize4
-rw-r--r--src/lib/krb5/krb/ChangeLog325
-rw-r--r--src/lib/krb5/krb/Makefile.in521
-rw-r--r--src/lib/krb5/krb/auth_con.c220
-rw-r--r--src/lib/krb5/krb/auth_con.h10
-rw-r--r--src/lib/krb5/krb/chpw.c322
-rw-r--r--src/lib/krb5/krb/conv_creds.c277
-rw-r--r--src/lib/krb5/krb/copy_data.c22
-rw-r--r--src/lib/krb5/krb/fwd_tgt.c15
-rw-r--r--src/lib/krb5/krb/gc_frm_kdc.c41
-rw-r--r--src/lib/krb5/krb/gen_seqnum.c19
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c35
-rw-r--r--src/lib/krb5/krb/gic_keytab.c81
-rw-r--r--src/lib/krb5/krb/gic_pwd.c119
-rw-r--r--src/lib/krb5/krb/in_tkt_ktb.c125
-rw-r--r--src/lib/krb5/krb/in_tkt_pwd.c123
-rw-r--r--src/lib/krb5/krb/init_ctx.c47
-rw-r--r--src/lib/krb5/krb/kfree.c21
-rw-r--r--src/lib/krb5/krb/mk_cred.c5
-rw-r--r--src/lib/krb5/krb/mk_priv.c5
-rw-r--r--src/lib/krb5/krb/mk_rep.c9
-rw-r--r--src/lib/krb5/krb/mk_req_ext.c58
-rw-r--r--src/lib/krb5/krb/mk_safe.c5
-rw-r--r--src/lib/krb5/krb/parse.c9
-rw-r--r--src/lib/krb5/krb/preauth2.c224
-rw-r--r--src/lib/krb5/krb/rd_cred.c11
-rw-r--r--src/lib/krb5/krb/rd_priv.c8
-rw-r--r--src/lib/krb5/krb/rd_rep.c18
-rw-r--r--src/lib/krb5/krb/rd_req.c4
-rw-r--r--src/lib/krb5/krb/rd_req_dec.c12
-rw-r--r--src/lib/krb5/krb/rd_safe.c26
-rw-r--r--src/lib/krb5/krb/send_tgs.c1
-rw-r--r--src/lib/krb5/krb/ser_actx.c28
-rw-r--r--src/lib/krb5/krb/serialize.c35
-rw-r--r--src/lib/krb5/krb/srv_rcache.c13
-rw-r--r--src/lib/krb5/krb/unparse.c3
-rw-r--r--src/lib/krb5/krb/v4lifetime.c149
37 files changed, 2179 insertions, 771 deletions
diff --git a/src/lib/krb5/krb/.Sanitize b/src/lib/krb5/krb/.Sanitize
index 7457c84..a2ab3a0 100644
--- a/src/lib/krb5/krb/.Sanitize
+++ b/src/lib/krb5/krb/.Sanitize
@@ -37,6 +37,7 @@ chk_trans.c
cleanup.h
configure
configure.in
+conv_creds.c
conv_princ.c
copy_addrs.c
copy_athctr.c
@@ -60,8 +61,6 @@ gen_seqnum.c
gen_subkey.c
get_creds.c
get_in_tkt.c
-in_tkt_ktb.c
-in_tkt_pwd.c
in_tkt_sky.c
init_ctx.c
int-proto.h
@@ -106,6 +105,7 @@ t_ref_kerb.out
t_ser.c
tgtname.c
unparse.c
+v4lifetime.c
valid_times.c
walk_rtree.c
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index c936ca4..274245a 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,328 @@
+2004-05-12 Jeffrey Altman <jaltman@mit.edu>
+
+ * send_tgs.c: krb5_send_tgs() was broken in the case of a KRB_ERROR
+ message. The krb5_response message_type field was never set
+ resulting in stack garbage being used instead. This would
+ break code which used transitive cross-realm to obtain service
+ tickets.
+
+2004-04-15 Sam Hartman <hartmans@mit.edu>
+
+ * gic_pwd.c (krb5_get_init_creds_password): Free the as reply in
+ the !use_master case (Thanks to Lijian Liu)
+
+2004-02-06 Sam Hartman <hartmans@avalanche-breakdown.mit.edu>
+
+ * init_ctx.c (DEFAULT_ETYPE_LIST): Include aes128-cts
+
+2003-12-13 Ken Raeburn <raeburn@mit.edu>
+
+ * mk_req_ext.c (krb5int_generate_and_save_subkey): New function,
+ split out from krb5_mk_req_extended.
+ (krb5_mk_req_extended): Call it.
+ * mk_rep.c (krb5_mk_rep): If KRB5_AUTH_CONTEXT_USE_SUBKEY flag is
+ set, call krb5int_generate_and_save_subkey to set up a new subkey
+ to send to the client.
+
+ * serialize.c (krb5_ser_pack_int64, krb5_ser_unpack_int64): New
+ functions.
+
+2003-10-30 Tom Yu <tlyu@mit.edu>
+
+ * gen_seqnum.c (krb5_generate_seq_number): Fix mask; was short by
+ 4 bits.
+
+2003-10-08 Tom Yu <tlyu@mit.edu>
+
+ * rd_safe.c (krb5_rd_safe_basic): Save the encoded KRB-SAFE-BODY
+ to avoid trouble caused by re-encoding. Also, handle correctly
+ implemented RFC 1510 KRB-SAFE, i.e., checksummed over
+ KRB-SAFE-BODY only.
+
+2003-09-02 Tom Yu <tlyu@mit.edu>
+
+ * conv_creds.c (krb524_convert_creds_plain): Apply patch from
+ Cesar Garcia to fix lifetime computation.
+
+2003-08-19 SamHartman <hartmans@avalanche-breakdown.mit.edu>
+
+ * rd_cred.c (decrypt_credencdata): Don't double free credentials.
+
+2003-08-08 Tom Yu <tlyu@mit.edu>
+
+ * gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
+ turned off, the second call to get_init_creds() will fail with
+ KRB5_REALM_UNKNOWN under certain circumstances. If that happens,
+ return the error from the first call to get_init_creds(), which
+ will be more useful to the user.
+
+2003-07-22 Sam Hartman <hartmans@avalanche-breakdown.mit.edu>
+
+ * preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2
+ (krb5_do_preauth): If an invalid encoding of etype_info or
+ etype_info2 is received, ignore it rather than failing the request
+
+2003-07-09 Alexandra Ellwood <lxs@mit.edu>
+
+ * init_ctx.c: Export krb5_get_permitted_enctypes for Samba.
+
+2003-06-27 Tom Yu <tlyu@mit.edu>
+
+ * gic_keytab.c (krb5_get_in_tkt_with_keytab): Pass (void*)keytab,
+ not &keytab, to get_init_creds. Thanks to Herb Lewis.
+
+2003-06-16 Sam Hartman <hartmans@mit.edu>
+
+ * fwd_tgt.c (krb5_fwd_tgt_creds): Set use_conf_ktypes to true while getting the TGT key
+
+2003-06-13 Tom Yu <tlyu@mit.edu>
+
+ * rd_rep.c (krb5_rd_rep): Free subkeys before replacing them, if
+ needed. This avoids a memory leak.
+
+2003-06-11 Tom Yu <tlyu@mit.edu>
+
+ * srv_rcache.c (krb5_get_server_rcache): Octal escapes begin with
+ hyphen now, since backslash is a pathname separator on DOS.
+
+2003-06-06 Sam Hartman <hartmans@mit.edu>
+
+ * get_in_tkt.c (krb5_get_init_creds): Mask out renewable_ok if the
+ request is for a renewable ticket with rtime greater than till
+
+2003-06-06 Ezra Peisach <epeisach@mit.edu>
+
+ * mk_req_ext.c (krb5_generate_authenticator): Sequence numbers are
+ unsigned now.
+
+2003-05-30 Ken Raeburn <raeburn@mit.edu>
+
+ * get_in_tkt.c (krb5_get_init_creds): Change hardcoded default
+ ticket lifetime from 10 hours to 24 hours.
+
+ * init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always.
+ (DEFAULT_CCACHE_TYPE): Define as 4 always.
+
+2003-05-30 Alexandra Ellwood <lxs@mit.edu>
+
+ * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime
+ of tickets whose request options included KDC_OPT_RENEWABLE_OK
+ if those options did not also include KDC_OPT_RENEWABLE. Otherwise
+ verify_as_reply() will fail for all renewable tickets.
+
+2003-05-27 Ken Raeburn <raeburn@mit.edu>
+
+ * conv_creds.c: Enable support on Windows always.
+ (krb5_524_convert_creds): Renamed from krb524_convert_creds_kdc.
+ (krb524_convert_creds_kdc, krb524_init_ets) [!_WIN32]: Backwards
+ compatibility functions.
+
+2003-05-27 Sam Hartman <hartmans@mit.edu>
+
+ * gic_keytab.c (krb5_get_in_tkt_with_keytab): as below
+
+ * gic_pwd.c (krb5_get_in_tkt_with_password): Store client and
+ server principals to avoid memory leak
+
+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * conv_creds.c: New file, moved from krb524/conv_creds.c and
+ krb524/encode.c. Rename exported encode routine, make other
+ encode and decode routines static. If KRB5_KRB4_COMPAT is not
+ defined, return an error.
+ * v4lifetime.c: New file, moved from lib/krb4/lifetime.c. Renamed
+ functions, changed interface to use krb5 types.
+ * Makefile.in (STLIBOBJS, OBJS, SRCS): Add them.
+
+2003-05-23 Sam Hartman <hartmans@mit.edu>
+
+ * get_in_tkt.c (krb5_get_init_creds): Initialize options based on
+ context.kdc_default_options
+
+2003-05-22 Tom Yu <tlyu@mit.edu>
+
+ * gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence
+ number mask.
+
+ * auth_con.c (krb5int_auth_con_chkseqnum): New function; implement
+ heuristic for broken Heimdal sequence number encoding.
+ (chk_heimdal_seqnum): Auxiliary function for above.
+
+ * auth_con.h: Add flags for sequence number heuristic.
+
+ * rd_priv.c: Use krb5int_auth_con_chkseqnum.
+
+ * rd_safe.c: Use krb5int_auth_con_chkseqnum.
+
+2003-05-22 Sam Hartman <hartmans@mit.edu>
+
+ * gic_pwd.c (krb5int_populate_gic_opt): returns void
+
+2003-05-21 Tom Yu <tlyu@mit.edu>
+
+ * gic_pwd.c (krb5_get_in_tkt_with_password): Set pw0.length
+ correctly if a password is passed in.
+
+2003-05-20 Sam Hartman <hartmans@mit.edu>
+
+ * Makefile.in (SRCS): Remove in_ktb.c
+
+ * gic_keytab.c (krb5_get_in_tkt_with_keytab): Move from
+ in_tkt_keytab.c and rewrite to use krb5_get_init_creds
+
+ * gic_pwd.c (krb5_get_in_tkt_with_password): Moved here from
+ in_tkt_pwd.c so it can share code with
+ krb5_get_init_creds_password. Rewritten to call
+ krb5_get_in_tkt_password
+
+ * Makefile.in (SRCS): Delete in_tkt_pwd.c
+
+2003-05-18 Tom Yu <tlyu@mit.edu>
+
+ * auth_con.h: Sequence numbers are now unsigned.
+
+ * gen_seqnum.c (krb5_generate_seq_number): Constrain initial
+ sequence number space to facilitate backwards compatibility.
+
+2003-05-16 Ken Raeburn <raeburn@mit.edu>
+
+ * chpw.c (krb5int_rd_chpw_rep): Allow new kpasswd error codes up
+ through _INITIAL_FLAG_NEEDED.
+
+2003-05-13 Sam Hartman <hartmans@mit.edu>
+
+ * fwd_tgt.c (krb5_fwd_tgt_creds): Try with no specified enctype if
+ forwarding a specific enctype fails. l
+
+ * get_in_tkt.c (krb5_get_init_creds): Free s2kparams
+
+ * preauth2.c (krb5_do_preauth): Fix memory management
+ (pa_salt): Use copy_data_contents
+
+ * copy_data.c (krb5int_copy_data_contents): New function
+
+2003-05-09 Sam Hartman <hartmans@mit.edu>
+
+ * preauth2.c: Patch from Sun to reorganize code for handling
+ etype_info requests. More efficient and easier to implement etype_info2
+ (krb5_do_preauth): Support enctype_info2
+
+2003-05-08 Sam Hartman <hartmans@mit.edu>
+
+ * preauth2.c: Add s2kparams to the declaration of a preauth
+ function, to every instance of a preauth function and to every
+ call to gak_fct
+
+ * get_in_tkt.c (krb5_get_init_creds): Add s2kparams support
+
+ * gic_keytab.c (krb5_get_as_key_keytab): Add s2kparams
+
+ * gic_pwd.c (krb5_get_as_key_password): Add s2kparams support
+
+2003-05-09 Ken Raeburn <raeburn@mit.edu>
+
+ * init_ctx.c (init_common): Copy tgs_ktypes array to
+ conf_tgs_ktypes. Clear use_conf_ktypes.
+ (krb5_free_context): Free conf_tgs_ktypes.
+ (krb5_get_tgs_ktypes): Use use_conf_ktypes to choose between
+ tgs_ktypes and conf_tgs_ktypes.
+
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Set use_conf_ktypes
+ in context to 1 for all operations except the acquisition of the
+ desired service ticket.
+
+2003-05-09 Tom Yu <tlyu@mit.edu>
+
+ * auth_con.c (krb5_auth_con_setsendsubkey)
+ (krb5_auth_con_setrecvsubkey, krb5_auth_con_getsendsubkey)
+ (krb5_auth_con_getrecvsubkey): New functions. Set or retrieve
+ subkeys from an auth_context.
+ (krb5_auth_con_getlocalsubkey, krb5_auth_con_getremotesubkey):
+ Reimplement in terms of the above.
+
+ * auth_con.h, ser_actx.c: Rename {local,remote}_subkey ->
+ {send,recv}_subkey.
+
+ * chpw.c (krb5int_rd_chpw_rep): Save send_subkey prior to rd_rep;
+ use saved send_subkey to smash recv_subkey obtained from rd_rep.
+
+ * mk_req_ext.c (krb5_mk_req_extended): Rename
+ {local,remote}_subkey -> {send,recv}_subkey. Set both subkeys if
+ subkey generation is requested.
+
+ * mk_cred.c, mk_priv.c, mk_safe.c: Rename {local,remote}_subkey ->
+ {send,recv}_subkey. Use either send_subkey or keyblock, in that
+ order.
+
+ * rd_cred.c, rd_priv.c, rd_safe.c: Rename {local,remote}_subkey ->
+ {send,recv}_subkey. Use either recv_subkey or keyblock, in that
+ order.
+
+ * rd_rep.c (krb5_rd_rep): Rename {local,remote}_subkey ->
+ {send,recv}_subkey. Set both subkeys if a subkey is present in
+ the AP-REP message.
+
+ * rd_req_dec.c (krb5_rd_req_decoded_opt): Rename
+ {local,remote}_subkey -> {send,recv}_subkey. Set both subkeys if
+ a subkey is present in the AP-REQ message.
+
+2003-05-06 Sam Hartman <hartmans@mit.edu>
+
+ * kfree.c (krb5_free_etype_info): Free s2kparams
+
+2003-04-27 Sam Hartman <hartmans@mit.edu>
+
+ * chpw.c (krb5int_setpw_result_code_string): Make internal
+
+2003-04-25 Sam Hartman <hartmans@mit.edu>
+
+ * chpw.c (krb5int_rd_setpw_rep): Fix error handling; allow
+ krberrors to be read correctly; fix memory alloctaion so that
+ allocated structures are freed.
+
+2003-04-24 Ezra Peisach <epeisach@mit.edu>
+
+ * kfree.c (krb5_free_pwd_sequences): Correction to previous
+ fix. Free contents of krb5_data - not just the pointer.
+
+2003-04-23 Ezra Peisach <epeisach@mit.edu>
+
+ * kfree.c (krb5_free_pwd_sequences): Actually free the entire
+ sequence of passwd_phase_elements and not just the first one.
+
+2003-04-16 Sam Hartman <hartmans@mit.edu>
+
+ * chpw.c (krb5int_mk_setpw_req): Use encode_krb5_setpw_req. Fix
+ memory handling to free data that is allocated
+
+2003-04-15 Sam Hartman <hartmans@mit.edu>
+
+ * chpw.c (krb5int_mk_setpw_req krb5int_rd_setpw_rep): New function
+
+2003-04-13 Ken Raeburn <raeburn@mit.edu>
+
+ * init_ctx.c (DEFAULT_ETYPE_LIST): Add AES with 256 bits at the
+ front of the list. No 128-bit support by defaut.
+
+2003-04-01 Nalin Dahyabhai <nalin@redhat.com>
+
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Check principal name
+ length before examining components.
+
+ * parse.c (krb5_parse_name): Double-check principal name length
+ before filling in components.
+
+ * srv_rcache.c (krb5_get_server_rcache): Check for null pointer
+ supplied in place of name.
+
+ * unparse.c (krb5_unparse_name_ext): Don't move buffer pointer
+ backwards if nothing has been put into the buffer yet.
+
+2003-04-01 Sam Hartman <hartmans@mit.edu>
+
+ * rd_req.c (krb5_rd_req): If AUTH_CONTEXT_DO_TIME is cleared,
+ don't set up a replay cache.
+
2003-03-08 Ezra Peisach <epeisach@mit.edu>
* t_kerb.c: Only include krb.h if krb4 support compiled in,
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index 18627b1..b703e56 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -23,6 +23,7 @@ STLIBOBJS= \
bld_princ.o \
chk_trans.o \
chpw.o \
+ conv_creds.o \
conv_princ.o \
copy_addrs.o \
copy_auth.o \
@@ -51,8 +52,6 @@ STLIBOBJS= \
gic_keytab.o \
gic_opt.o \
gic_pwd.o \
- in_tkt_ktb.o \
- in_tkt_pwd.o \
in_tkt_sky.o \
init_ctx.o \
init_keyblock.o \
@@ -95,6 +94,7 @@ STLIBOBJS= \
str_conv.o \
tgtname.o \
unparse.o \
+ v4lifetime.o \
valid_times.o \
vfy_increds.o \
vic_opt.o \
@@ -109,6 +109,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \
$(OUTPRE)bld_princ.$(OBJEXT) \
$(OUTPRE)chk_trans.$(OBJEXT) \
$(OUTPRE)chpw.$(OBJEXT) \
+ $(OUTPRE)conv_creds.$(OBJEXT) \
$(OUTPRE)conv_princ.$(OBJEXT) \
$(OUTPRE)copy_addrs.$(OBJEXT) \
$(OUTPRE)copy_auth.$(OBJEXT) \
@@ -137,8 +138,6 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \
$(OUTPRE)gic_keytab.$(OBJEXT) \
$(OUTPRE)gic_opt.$(OBJEXT) \
$(OUTPRE)gic_pwd.$(OBJEXT) \
- $(OUTPRE)in_tkt_ktb.$(OBJEXT) \
- $(OUTPRE)in_tkt_pwd.$(OBJEXT) \
$(OUTPRE)in_tkt_sky.$(OBJEXT) \
$(OUTPRE)init_ctx.$(OBJEXT) \
$(OUTPRE)init_keyblock.$(OBJEXT) \
@@ -181,6 +180,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \
$(OUTPRE)str_conv.$(OBJEXT) \
$(OUTPRE)tgtname.$(OBJEXT) \
$(OUTPRE)unparse.$(OBJEXT) \
+ $(OUTPRE)v4lifetime.$(OBJEXT) \
$(OUTPRE)valid_times.$(OBJEXT) \
$(OUTPRE)vfy_increds.$(OBJEXT) \
$(OUTPRE)vic_opt.$(OBJEXT) \
@@ -196,6 +196,7 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/brand.c \
$(srcdir)/chk_trans.c \
$(srcdir)/chpw.c \
+ $(srcdir)/conv_creds.c \
$(srcdir)/conv_princ.c \
$(srcdir)/copy_addrs.c \
$(srcdir)/copy_auth.c \
@@ -224,8 +225,6 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/gic_keytab.c \
$(srcdir)/gic_opt.c \
$(srcdir)/gic_pwd.c \
- $(srcdir)/in_tkt_ktb.c \
- $(srcdir)/in_tkt_pwd.c \
$(srcdir)/in_tkt_sky.c \
$(srcdir)/init_ctx.c \
$(srcdir)/init_keyblock.c \
@@ -268,6 +267,7 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/str_conv.c \
$(srcdir)/tgtname.c \
$(srcdir)/unparse.c \
+ $(srcdir)/v4lifetime.c \
$(srcdir)/valid_times.c \
$(srcdir)/vfy_increds.c \
$(srcdir)/vic_opt.c \
@@ -367,449 +367,482 @@ clean::
#
addr_comp.so addr_comp.po $(OUTPRE)addr_comp.$(OBJEXT): addr_comp.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
addr_order.so addr_order.po $(OUTPRE)addr_order.$(OBJEXT): addr_order.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
addr_srch.so addr_srch.po $(OUTPRE)addr_srch.$(OBJEXT): addr_srch.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
appdefault.so appdefault.po $(OUTPRE)appdefault.$(OBJEXT): appdefault.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): auth_con.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): bld_pr_ext.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
bld_princ.so bld_princ.po $(OUTPRE)bld_princ.$(OBJEXT): bld_princ.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
brand.so brand.po $(OUTPRE)brand.$(OBJEXT): brand.c
chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): chk_trans.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): chpw.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/krb5_err.h \
- auth_con.h
-conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5_err.h auth_con.h
+conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(KRB_ERR_H_DEP)
+conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_addrs.so copy_addrs.po $(OUTPRE)copy_addrs.$(OBJEXT): copy_addrs.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_auth.so copy_auth.po $(OUTPRE)copy_auth.$(OBJEXT): copy_auth.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): copy_athctr.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): copy_cksum.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_creds.so copy_creds.po $(OUTPRE)copy_creds.$(OBJEXT): copy_creds.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_data.so copy_data.po $(OUTPRE)copy_data.$(OBJEXT): copy_data.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_key.so copy_key.po $(OUTPRE)copy_key.$(OBJEXT): copy_key.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_princ.so copy_princ.po $(OUTPRE)copy_princ.$(OBJEXT): copy_princ.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
copy_tick.so copy_tick.po $(OUTPRE)copy_tick.$(OBJEXT): copy_tick.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
cp_key_cnt.so cp_key_cnt.po $(OUTPRE)cp_key_cnt.$(OBJEXT): cp_key_cnt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
decode_kdc.so decode_kdc.po $(OUTPRE)decode_kdc.$(OBJEXT): decode_kdc.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
decrypt_tk.so decrypt_tk.po $(OUTPRE)decrypt_tk.$(OBJEXT): decrypt_tk.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
deltat.so deltat.po $(OUTPRE)deltat.$(OBJEXT): deltat.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
enc_helper.so enc_helper.po $(OUTPRE)enc_helper.$(OBJEXT): enc_helper.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
encode_kdc.so encode_kdc.po $(OUTPRE)encode_kdc.$(OBJEXT): encode_kdc.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
encrypt_tk.so encrypt_tk.po $(OUTPRE)encrypt_tk.$(OBJEXT): encrypt_tk.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
free_rtree.so free_rtree.po $(OUTPRE)free_rtree.$(OBJEXT): free_rtree.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
fwd_tgt.so fwd_tgt.po $(OUTPRE)fwd_tgt.$(OBJEXT): fwd_tgt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
gc_frm_kdc.so gc_frm_kdc.po $(OUTPRE)gc_frm_kdc.$(OBJEXT): gc_frm_kdc.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
gc_via_tkt.so gc_via_tkt.po $(OUTPRE)gc_via_tkt.$(OBJEXT): gc_via_tkt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
gen_seqnum.so gen_seqnum.po $(OUTPRE)gen_seqnum.$(OBJEXT): gen_seqnum.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
gen_subkey.so gen_subkey.po $(OUTPRE)gen_subkey.$(OBJEXT): gen_subkey.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): get_creds.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): get_in_tkt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h $(srcdir)/../os/os-proto.h
+ int-proto.h $(srcdir)/../os/os-proto.h
gic_keytab.so gic_keytab.po $(OUTPRE)gic_keytab.$(OBJEXT): gic_keytab.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
gic_opt.so gic_opt.po $(OUTPRE)gic_opt.$(OBJEXT): gic_opt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
gic_pwd.so gic_pwd.po $(OUTPRE)gic_pwd.$(OBJEXT): gic_pwd.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
-in_tkt_ktb.so in_tkt_ktb.po $(OUTPRE)in_tkt_ktb.$(OBJEXT): in_tkt_ktb.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
-in_tkt_pwd.so in_tkt_pwd.po $(OUTPRE)in_tkt_pwd.$(OBJEXT): in_tkt_pwd.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
in_tkt_sky.so in_tkt_sky.po $(OUTPRE)in_tkt_sky.$(OBJEXT): in_tkt_sky.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
init_ctx.so init_ctx.po $(OUTPRE)init_ctx.$(OBJEXT): init_ctx.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h brand.c $(srcdir)/../krb5_libinit.h
+ brand.c $(srcdir)/../krb5_libinit.h
init_keyblock.so init_keyblock.po $(OUTPRE)init_keyblock.$(OBJEXT): init_keyblock.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
kdc_rep_dc.so kdc_rep_dc.po $(OUTPRE)kdc_rep_dc.$(OBJEXT): kdc_rep_dc.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): kfree.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): mk_cred.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+ cleanup.h auth_con.h
mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): mk_error.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): mk_priv.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+ cleanup.h auth_con.h
mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): mk_rep.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): mk_req.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): mk_req_ext.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): mk_safe.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+ cleanup.h auth_con.h
parse.so parse.po $(OUTPRE)parse.$(OBJEXT): parse.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
pr_to_salt.so pr_to_salt.po $(OUTPRE)pr_to_salt.$(OBJEXT): pr_to_salt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
preauth.so preauth.po $(OUTPRE)preauth.$(OBJEXT): preauth.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
preauth2.so preauth2.po $(OUTPRE)preauth2.$(OBJEXT): preauth2.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): princ_comp.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): rd_cred.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+ cleanup.h auth_con.h
rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): rd_error.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): rd_priv.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+ cleanup.h auth_con.h
rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): rd_rep.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): rd_req.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): rd_req_dec.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): rd_safe.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h cleanup.h auth_con.h
+ cleanup.h auth_con.h
recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): sendauth.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): send_tgs.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): ser_actx.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h auth_con.h
+ int-proto.h auth_con.h
ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): ser_adata.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
ser_addr.so ser_addr.po $(OUTPRE)ser_addr.$(OBJEXT): ser_addr.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
ser_auth.so ser_auth.po $(OUTPRE)ser_auth.$(OBJEXT): ser_auth.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
ser_cksum.so ser_cksum.po $(OUTPRE)ser_cksum.$(OBJEXT): ser_cksum.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
ser_ctx.so ser_ctx.po $(OUTPRE)ser_ctx.$(OBJEXT): ser_ctx.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
ser_eblk.so ser_eblk.po $(OUTPRE)ser_eblk.$(OBJEXT): ser_eblk.c
ser_key.so ser_key.po $(OUTPRE)ser_key.$(OBJEXT): ser_key.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
ser_princ.so ser_princ.po $(OUTPRE)ser_princ.$(OBJEXT): ser_princ.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
serialize.so serialize.po $(OUTPRE)serialize.$(OBJEXT): serialize.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): set_realm.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): srv_rcache.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): str_conv.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
tgtname.so tgtname.po $(OUTPRE)tgtname.$(OBJEXT): tgtname.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): unparse.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
+v4lifetime.so v4lifetime.po $(OUTPRE)v4lifetime.$(OBJEXT): v4lifetime.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): valid_times.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): vfy_increds.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
vic_opt.so vic_opt.po $(OUTPRE)vic_opt.$(OBJEXT): vic_opt.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
walk_rtree.so walk_rtree.po $(OUTPRE)walk_rtree.$(OBJEXT): walk_rtree.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h int-proto.h
+ int-proto.h
t_walk_rtree.so t_walk_rtree.po $(OUTPRE)t_walk_rtree.$(OBJEXT): t_walk_rtree.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
t_kerb.so t_kerb.po $(OUTPRE)t_kerb.$(OBJEXT): t_kerb.c $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
$(BUILDTOP)/include/profile.h
t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): t_ser.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h auth_con.h
+ auth_con.h
t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): t_deltat.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h
+ $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): t_expand.c chk_trans.c \
$(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
- $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h
+ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(SRCTOP)/include/krb5/kdb.h
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 09ccf98..cd3acf1 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -1,6 +1,8 @@
#include "k5-int.h"
#include "auth_con.h"
+static krb5_boolean chk_heimdal_seqnum(krb5_ui_4, krb5_ui_4);
+
static krb5_error_code
actx_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **outad)
{
@@ -59,10 +61,10 @@ krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
krb5_free_authenticator(context, auth_context->authentp);
if (auth_context->keyblock)
krb5_free_keyblock(context, auth_context->keyblock);
- if (auth_context->local_subkey)
- krb5_free_keyblock(context, auth_context->local_subkey);
- if (auth_context->remote_subkey)
- krb5_free_keyblock(context, auth_context->remote_subkey);
+ if (auth_context->send_subkey)
+ krb5_free_keyblock(context, auth_context->send_subkey);
+ if (auth_context->recv_subkey)
+ krb5_free_keyblock(context, auth_context->recv_subkey);
if (auth_context->rcache)
krb5_rc_close(context, auth_context->rcache);
if (auth_context->permitted_etypes)
@@ -176,17 +178,53 @@ krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_
krb5_error_code KRB5_CALLCONV
krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
{
- if (auth_context->local_subkey)
- return krb5_copy_keyblock(context,auth_context->local_subkey,keyblock);
+ return krb5_auth_con_getsendsubkey(context, auth_context, keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+{
+ return krb5_auth_con_getrecvsubkey(context, auth_context, keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
+{
+ if (ac->send_subkey != NULL)
+ krb5_free_keyblock(ctx, ac->send_subkey);
+ ac->send_subkey = NULL;
+ if (keyblock !=NULL)
+ return krb5_copy_keyblock(ctx, keyblock, &ac->send_subkey);
+ else
+ return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
+{
+ if (ac->recv_subkey != NULL)
+ krb5_free_keyblock(ctx, ac->recv_subkey);
+ ac->recv_subkey = NULL;
+ if (keyblock != NULL)
+ return krb5_copy_keyblock(ctx, keyblock, &ac->recv_subkey);
+ else
+ return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
+{
+ if (ac->send_subkey != NULL)
+ return krb5_copy_keyblock(ctx, ac->send_subkey, keyblock);
*keyblock = NULL;
return 0;
}
krb5_error_code KRB5_CALLCONV
-krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
{
- if (auth_context->remote_subkey)
- return krb5_copy_keyblock(context,auth_context->remote_subkey,keyblock);
+ if (ac->recv_subkey != NULL)
+ return krb5_copy_keyblock(ctx, ac->recv_subkey, keyblock);
*keyblock = NULL;
return 0;
}
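Review bot: krb5_auth_con_setsendsubkey and krb5_auth_con_setrecvsubkey free the stored subkey before copying the new one, so a caller inside the library that passes the context's own `ac->send_subkey` (or `ac->recv_subkey`) pointer would have it freed before it is read. A failed krb5_copy_keyblock also leaves the context with no subkey at all. Copying first and swapping afterwards avoids both, and the same shape applies to the recv variant. A short comment on each setter that the key is copied and the caller keeps ownership of `keyblock` would also help.
```c
krb5_error_code KRB5_CALLCONV
krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
{
    krb5_keyblock *copy = NULL;
    krb5_error_code ret;

    if (keyblock != NULL) {
	ret = krb5_copy_keyblock(ctx, keyblock, &copy);
	if (ret)
	    return ret;
    }
    if (ac->send_subkey != NULL)
	krb5_free_keyblock(ctx, ac->send_subkey);
    ac->send_subkey = copy;
    return 0;
}
/* ... unchanged: krb5_auth_con_setrecvsubkey takes the same shape with recv_subkey ... */
```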
@@ -359,3 +397,167 @@ krb5_auth_con_get_checksum_func( krb5_context context,
*data = auth_context->checksum_func_data;
return 0;
}
+
+/*
+ * krb5int_auth_con_chkseqnum
+ *
+ * We use a somewhat complex heuristic for validating received
+ * sequence numbers. We must accommodate both our older
+ * implementation, which sends negative sequence numbers, and the
+ * broken Heimdal implementation (at least as of 0.5.2), which
+ * violates X.690 BER for integer encodings. The requirement of
+ * handling negative sequence numbers removes one of easier means of
+ * detecting a Heimdal implementation, so we resort to this mess
+ * here.
+ *
+ * X.690 BER (and consequently DER, which are the required encoding
+ * rules in RFC1510) encode all integer types as signed integers.
+ * This means that the MSB being set on the first octet of the
+ * contents of the encoding indicates a negative value. Heimdal does
+ * not prepend the required zero octet to unsigned integer encodings
+ * which would otherwise have the MSB of the first octet of their
+ * encodings set.
+ *
+ * Our ASN.1 library implements a special decoder for sequence
+ * numbers, accepting both negative and positive 32-bit numbers but
+ * mapping them both into the space of positive unsigned 32-bit
+ * numbers in the obvious bit-pattern-preserving way. This maintains
+ * compatibility with our older implementations. This also means that
+ * encodings emitted by Heimdal are ambiguous.
+ *
+ * Heimdal counter value received uint32 value
+ *
+ * 0x00000080 0xFFFFFF80
+ * 0x000000FF 0xFFFFFFFF
+ * 0x00008000 0xFFFF8000
+ * 0x0000FFFF 0xFFFFFFFF
+ * 0x00800000 0xFF800000
+ * 0x00FFFFFF 0xFFFFFFFF
+ * 0xFF800000 0xFF800000
+ * 0xFFFFFFFF 0xFFFFFFFF
+ *
+ * We use two auth_context flags, SANE_SEQ and HEIMDAL_SEQ, which are
+ * only set after we can unambiguously determine the sanity of the
+ * sending implementation. Once one of these flags is set, we accept
+ * only the sequence numbers appropriate to the remote implementation
+ * type. We can make the determination in two different ways. The
+ * first is to note the receipt of a "negative" sequence number when a
+ * "positive" one was expected. The second is to note the receipt of
+ * a sequence number that wraps through "zero" in a weird way. The
+ * latter corresponds to the receipt of an initial sequence number in
+ * the ambiguous range.
+ *
+ * There are 2^7 + 2^15 + 2^23 + 2^23 = 16810112 total ambiguous
+ * initial Heimdal counter values, but we receive them as one of 2^23
+ * possible values. There is a ~1/256 chance of a Heimdal
+ * implementation sending an intial sequence number in the ambiguous
+ * range.
+ *
+ * We have to do special treatment when receiving sequence numbers
+ * between 0xFF800000..0xFFFFFFFF, or when wrapping through zero
+ * weirdly (due to ambiguous initial sequence number). If we are
+ * expecting a value corresponding to an ambiguous Heimdal counter
+ * value, and we receive an exact match, we can mark the remote end as
+ * sane.
+ */
+krb5_boolean
+krb5int_auth_con_chkseqnum(
+ krb5_context ctx,
+ krb5_auth_context ac,
+ krb5_ui_4 in_seq)
+{
+ krb5_ui_4 exp_seq;
+
+ exp_seq = ac->remote_seq_number;
+
+ /*
+ * If sender is known to be sane, accept _only_ exact matches.
+ */
+ if (ac->auth_context_flags & KRB5_AUTH_CONN_SANE_SEQ)
+ return in_seq == exp_seq;
+
+ /*
+ * If sender is not known to be sane, first check the ambiguous
+ * range of received values, 0xFF800000..0xFFFFFFFF.
+ */
+ if ((in_seq & 0xFF800000) == 0xFF800000) {
+ /*
+ * If expected sequence number is in the range
+ * 0xFF800000..0xFFFFFFFF, then we can't make any
+ * determinations about the sanity of the sending
+ * implementation.
+ */
+ if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
+ return 1;
+ /*
+ * If sender is not known for certain to be a broken Heimdal
+ * implementation, check for exact match.
+ */
+ if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
+ && in_seq == exp_seq)
+ return 1;
+ /*
+ * Now apply hairy algorithm for matching sequence numbers
+ * sent by broken Heimdal implementations. If it matches, we
+ * know for certain it's a broken Heimdal sender.
+ */
+ if (chk_heimdal_seqnum(exp_seq, in_seq)) {
+ ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+ return 1;
+ }
+ return 0;
+ }
+
+ /*
+ * Received value not in the ambiguous range? If the _expected_
+ * value is in the range of ambiguous Hemidal counter values, and
+ * it matches the received value, sender is known to be sane.
+ */
+ if (in_seq == exp_seq) {
+ if (( exp_seq & 0xFFFFFF80) == 0x00000080
+ || (exp_seq & 0xFFFF8000) == 0x00008000
+ || (exp_seq & 0xFF800000) == 0x00800000)
+ ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
+ return 1;
+ }
+
+ /*
+ * Magic wraparound for the case where the intial sequence number
+ * is in the ambiguous range. This means that the sender's
+ * counter is at a different count than ours, so we correct ours,
+ * and mark the sender as being a broken Heimdal implementation.
+ */
+ if (exp_seq == 0
+ && !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
+ switch (in_seq) {
+ case 0x100:
+ case 0x10000:
+ case 0x1000000:
+ ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+ exp_seq = in_seq;
+ return 1;
+ default:
+ return 0;
+ }
+ }
+ return 0;
+}
+
+static krb5_boolean
+chk_heimdal_seqnum(krb5_ui_4 exp_seq, krb5_ui_4 in_seq)
+{
+ if (( exp_seq & 0xFF800000) == 0x00800000
+ && (in_seq & 0xFF800000) == 0xFF800000
+ && (in_seq & 0x00FFFFFF) == exp_seq)
+ return 1;
+ else if (( exp_seq & 0xFFFF8000) == 0x00008000
+ && (in_seq & 0xFFFF8000) == 0xFFFF8000
+ && (in_seq & 0x0000FFFF) == exp_seq)
+ return 1;
+ else if (( exp_seq & 0xFFFFFF80) == 0x00000080
+ && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
+ && (in_seq & 0x000000FF) == exp_seq)
+ return 1;
+ else
+ return 0;
+}
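Review bot: In the wraparound branch of krb5int_auth_con_chkseqnum, `exp_seq = in_seq;` assigns only the local copy just before `return 1`, so the context's counter is never corrected although the comment above the branch says it is. Unless the caller (outside this hunk) resynchronises `ac->remote_seq_number` itself, the next message from the same peer would be compared against the stale value and rejected. Store the value in the context instead: `ac->remote_seq_number = in_seq;`.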
diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h
index d83d6b8..9543de3 100644
--- a/src/lib/krb5/krb/auth_con.h
+++ b/src/lib/krb5/krb/auth_con.h
@@ -9,12 +9,12 @@ struct _krb5_auth_context {
krb5_address * local_addr;
krb5_address * local_port;
krb5_keyblock * keyblock;
- krb5_keyblock * local_subkey;
- krb5_keyblock * remote_subkey;
+ krb5_keyblock * send_subkey;
+ krb5_keyblock * recv_subkey;
krb5_int32 auth_context_flags;
- krb5_int32 remote_seq_number;
- krb5_int32 local_seq_number;
+ krb5_ui_4 remote_seq_number;
+ krb5_ui_4 local_seq_number;
krb5_authenticator *authentp; /* mk_req, rd_req, mk_rep, ...*/
krb5_cksumtype req_cksumtype; /* mk_safe, ... */
krb5_cksumtype safe_cksumtype; /* mk_safe, ... */
@@ -30,5 +30,7 @@ struct _krb5_auth_context {
#define KRB5_AUTH_CONN_INITIALIZED 0x00010000
#define KRB5_AUTH_CONN_USED_W_MK_REQ 0x00020000
#define KRB5_AUTH_CONN_USED_W_RD_REQ 0x00040000
+#define KRB5_AUTH_CONN_SANE_SEQ 0x00080000
+#define KRB5_AUTH_CONN_HEIMDAL_SEQ 0x00100000
#endif
diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c
index bb2cfe9..a455cc4 100644
--- a/src/lib/krb5/krb/chpw.c
+++ b/src/lib/krb5/krb/chpw.c
@@ -1,11 +1,15 @@
+/*
+** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc.
+*/
#include <string.h>
#include "k5-int.h"
#include "krb5_err.h"
#include "auth_con.h"
-krb5_error_code KRB5_CALLCONV
-krb5_mk_chpw_req(krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet)
+
+krb5_error_code
+krb5int_mk_chpw_req(krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet)
{
krb5_error_code ret = 0;
krb5_data clearpw;
@@ -66,8 +70,8 @@ cleanup:
return(ret);
}
-krb5_error_code KRB5_CALLCONV
-krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *packet, int *result_code, krb5_data *result_data)
+krb5_error_code
+krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *packet, int *result_code, krb5_data *result_data)
{
char *ptr;
int plen, vno;
@@ -116,8 +120,18 @@ krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data
ap_rep.data = ptr;
ptr += ap_rep.length;
- if ((ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc)))
+ /*
+ * Save send_subkey to later smash recv_subkey.
+ */
+ ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+ if (ret) {
+ krb5_free_keyblock(context, tmp);
return(ret);
+ }
krb5_free_ap_rep_enc_part(context, ap_rep_enc);
@@ -126,18 +140,17 @@ krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data
cipherresult.data = ptr;
cipherresult.length = (packet->data + packet->length) - ptr;
- /* XXX there's no api to do this right. The problem is that
- if there's a remote subkey, it will be used. This is
- not what the spec requires */
-
- tmp = auth_context->remote_subkey;
- auth_context->remote_subkey = NULL;
+ /*
+ * Smash recv_subkey to be send_subkey, per spec.
+ */
+ ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp);
+ krb5_free_keyblock(context, tmp);
+ if (ret)
+ return ret;
ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
&replay);
- auth_context->remote_subkey = tmp;
-
if (ret)
return(ret);
} else {
@@ -161,7 +174,7 @@ krb5_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data
*result_code = (*result_code<<8) | (*ptr++ & 0xff);
if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
- (*result_code > KRB5_KPASSWD_SOFTERROR)) {
+ (*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) {
ret = KRB5KRB_AP_ERR_MODIFIED;
goto cleanup;
}
@@ -221,3 +234,284 @@ krb5_chpw_result_code_string(krb5_context context, int result_code, char **code_
return(0);
}
+
+krb5_error_code
+krb5int_mk_setpw_req(
+ krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_data *ap_req,
+ krb5_principal targprinc,
+ char *passwd,
+ krb5_data *packet )
+{
+ krb5_error_code ret;
+ krb5_data cipherpw;
+ krb5_data *encoded_setpw;
+
+ char *ptr;
+ int count = 2;
+
+ cipherpw.data = NULL;
+ cipherpw.length = 0;
+
+ if (ret = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE))
+ return(ret);
+
+ ret = encode_krb5_setpw_req(targprinc, passwd, &encoded_setpw);
+ if (ret) {
+ return ret;
+ }
+
+ if ( (ret = krb5_mk_priv(context, auth_context, encoded_setpw, &cipherpw, NULL)) != 0) {
+ krb5_free_data( context, encoded_setpw);
+ return(ret);
+ }
+ krb5_free_data( context, encoded_setpw);
+
+
+ packet->length = 6 + ap_req->length + cipherpw.length;
+ packet->data = (char *) malloc(packet->length);
+ if (packet->data == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
+ ptr = packet->data;
+/*
+** build the packet -
+*/
+/* put in the length */
+ *ptr++ = (packet->length>>8) & 0xff;
+ *ptr++ = packet->length & 0xff;
+/* put in the version */
+ *ptr++ = (char)0xff;
+ *ptr++ = (char)0x80;
+/* the ap_req length is big endian */
+ *ptr++ = (ap_req->length>>8) & 0xff;
+ *ptr++ = ap_req->length & 0xff;
+/* put in the request data */
+ memcpy(ptr, ap_req->data, ap_req->length);
+ ptr += ap_req->length;
+/*
+** put in the "private" password data -
+*/
+ memcpy(ptr, cipherpw.data, cipherpw.length);
+ ret = 0;
+ cleanup:
+ if (cipherpw.data)
+ krb5_free_data_contents(context, &cipherpw);
+ if ((ret != 0) && packet->data) {
+ free( packet->data);
+ packet->data = NULL;
+ }
+ return ret;
+}
+
+krb5_error_code
+krb5int_rd_setpw_rep( krb5_context context, krb5_auth_context auth_context, krb5_data *packet,
+ int *result_code, krb5_data *result_data )
+{
+ char *ptr;
+ unsigned int message_length, version_number;
+ krb5_data ap_rep;
+ krb5_ap_rep_enc_part *ap_rep_enc;
+ krb5_error_code ret;
+ krb5_data cipherresult;
+ krb5_data clearresult;
+ krb5_replay_data replay;
+ krb5_keyblock *tmpkey;
+/*
+** validate the packet length -
+*/
+ if (packet->length < 4)
+ return(KRB5KRB_AP_ERR_MODIFIED);
+
+ ptr = packet->data;
+
+/*
+** see if it is an error
+*/
+ if (krb5_is_krb_error(packet)) {
+ krb5_error *krberror;
+ if (ret = krb5_rd_error(context, packet, &krberror))
+ return(ret);
+ if (krberror->e_data.data == NULL) {
+ ret = ERROR_TABLE_BASE_krb5 + krberror->error;
+ krb5_free_error(context, krberror);
+ return (ret);
+ }
+ clearresult = krberror->e_data;
+ krberror->e_data.data = NULL; /*So we can free it later*/
+ krberror->e_data.length = 0;
+ krb5_free_error(context, krberror);
+
+ } else { /* Not an error*/
+
+/*
+** validate the message length -
+** length is big endian
+*/
+ message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+/*
+** make sure the message length and packet length agree -
+*/
+ if (message_length != packet->length)
+ return(KRB5KRB_AP_ERR_MODIFIED);
+/*
+** get the version number -
+*/
+ version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+/*
+** make sure we support the version returned -
+*/
+/*
+** set password version is 0xff80, change password version is 1
+*/
+ if (version_number != 0xff80 && version_number != 1)
+ return(KRB5KDC_ERR_BAD_PVNO);
+/*
+** now fill in ap_rep with the reply -
+*/
+/*
+** get the reply length -
+*/
+ ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+/*
+** validate ap_rep length agrees with the packet length -
+*/
+ if (ptr + ap_rep.length >= packet->data + packet->length)
+ return(KRB5KRB_AP_ERR_MODIFIED);
+/*
+** if data was returned, set the ap_rep ptr -
+*/
+ if( ap_rep.length ) {
+ ap_rep.data = ptr;
+ ptr += ap_rep.length;
+
+ /*
+ * Save send_subkey to later smash recv_subkey.
+ */
+ ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+ if (ret) {
+ krb5_free_keyblock(context, tmpkey);
+ return(ret);
+ }
+
+ krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+/*
+** now decrypt the result -
+*/
+ cipherresult.data = ptr;
+ cipherresult.length = (packet->data + packet->length) - ptr;
+
+ /*
+ * Smash recv_subkey to be send_subkey, per spec.
+ */
+ ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey);
+ krb5_free_keyblock(context, tmpkey);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+ NULL);
+ if (ret)
+ return(ret);
+ } /*We got an ap_rep*/
+ else
+ return (KRB5KRB_AP_ERR_MODIFIED);
+ } /*Response instead of error*/
+
+/*
+** validate the cleartext length
+*/
+ if (clearresult.length < 2) {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
+ }
+/*
+** now decode the result -
+*/
+ ptr = clearresult.data;
+
+ *result_code = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+
+/*
+** result code 5 is access denied
+*/
+ if ((*result_code < KRB5_KPASSWD_SUCCESS) || (*result_code > 5))
+ {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
+ }
+/*
+** all success replies should be authenticated/encrypted
+*/
+ if( (ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS) )
+ {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
+ }
+
+ if (result_data) {
+ result_data->length = (clearresult.data + clearresult.length) - ptr;
+
+ if (result_data->length)
+ {
+ result_data->data = (char *) malloc(result_data->length);
+ if (result_data->data)
+ memcpy(result_data->data, ptr, result_data->length);
+ }
+ else
+ result_data->data = NULL;
+ }
+ ret = 0;
+
+ cleanup:
+ krb5_free_data_contents(context, &clearresult);
+ return(ret);
+}
+
+krb5_error_code
+krb5int_setpw_result_code_string( krb5_context context, int result_code, const char **code_string )
+{
+ switch (result_code)
+ {
+ case KRB5_KPASSWD_MALFORMED:
+ *code_string = "Malformed request error";
+ break;
+ case KRB5_KPASSWD_HARDERROR:
+ *code_string = "Server error";
+ break;
+ case KRB5_KPASSWD_AUTHERROR:
+ *code_string = "Authentication error";
+ break;
+ case KRB5_KPASSWD_SOFTERROR:
+ *code_string = "Password change rejected";
+ break;
+ case 5: /* access denied */
+ *code_string = "Access denied";
+ break;
+ case 6: /* bad version */
+ *code_string = "Wrong protocol version";
+ break;
+ case 7: /* initial flag is needed */
+ *code_string = "Initial password required";
+ break;
+ case 0:
+ *code_string = "Success";
+ default:
+ *code_string = "Password change failed";
+ break;
+ }
+
+ return(0);
+}
+
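Review bot: The two-byte decodes in krb5int_rd_setpw_rep mask after shifting, and `((ptr[0] << 8)&0xff)` is always zero, so message_length, version_number, ap_rep.length and *result_code each hold only the low byte. The comparison against packet->length therefore checks one byte, and the set-password version 0xff80 can never match. The shape `((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff)` fixes all four. In the same function the `packet->length < 4` guard admits packets shorter than the six header bytes that are read, and ap_rep.length is tested after the KRB-ERROR branch without having been set. In krb5int_setpw_result_code_string, `case 0:` lacks a `break`, so "Success" is overwritten by the default string.
```c
    /* ... unchanged: declarations in krb5int_rd_setpw_rep ... */
    ap_rep.length = 0;	/* read after the KRB-ERROR branch as well */
    if (packet->length < 6)
	return(KRB5KRB_AP_ERR_MODIFIED);
    /* ... unchanged: krb5_is_krb_error branch ... */
	message_length = ((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff);
    /* ... unchanged: comparison with packet->length ... */
	version_number = ((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff);
    /* ... unchanged: version check ... */
	ap_rep.length = ((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff);
    /* ... unchanged: ap_rep handling, krb5_rd_priv, cleartext length check ... */
    *result_code = ((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff);

    /* ... in krb5int_setpw_result_code_string ... */
    case 0:
	*code_string = "Success";
	break;
```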
diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c
new file mode 100644
index 0000000..3a4e66d
--- /dev/null
+++ b/src/lib/krb5/krb/conv_creds.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck */
+#include "kerberosIV/krb.h"
+
+#ifdef USE_CCAPI
+#include <CredentialsCache.h>
+#endif
+
+#define krb524_debug krb5int_krb524_debug
+int krb524_debug = 0;
+
+static krb5_error_code krb524_convert_creds_plain
+(krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds);
+
+static int decode_v4tkt
+ (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
+
+krb5_error_code KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds)
+{
+ krb5_error_code ret;
+ krb5_data reply;
+ char *p;
+ struct sockaddr_storage ss;
+ socklen_t slen = sizeof(ss);
+
+ ret = krb524_convert_creds_plain(context, v5creds, v4creds);
+ if (ret)
+ return ret;
+
+ reply.data = NULL;
+ ret = krb5int_524_sendto_kdc(context, &v5creds->ticket,
+ &v5creds->server->realm, &reply,
+ ss2sa(&ss), &slen);
+ if (ret)
+ return ret;
+
+#if TARGET_OS_MAC
+#ifdef USE_CCAPI
+ v4creds->stk_type = cc_v4_stk_des;
+#endif
+ if (slen == sizeof(struct sockaddr_in)
+ && ss2sa(&ss)->sa_family == AF_INET) {
+ v4creds->address = ss2sin(&ss)->sin_addr.s_addr;
+ }
+ /* Otherwise, leave it set to all-zero. */
+#endif
+
+ p = reply.data;
+ ret = ntohl(*((krb5_error_code *) p));
+ p += sizeof(krb5_int32);
+ reply.length -= sizeof(krb5_int32);
+ if (ret)
+ goto fail;
+
+ v4creds->kvno = ntohl(*((krb5_error_code *) p));
+ p += sizeof(krb5_int32);
+ reply.length -= sizeof(krb5_int32);
+ ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length);
+
+fail:
+ if (reply.data)
+ free(reply.data);
+ reply.data = NULL;
+ return ret;
+}
+
+static krb5_error_code
+krb524_convert_creds_plain(context, v5creds, v4creds)
+ krb5_context context;
+ krb5_creds *v5creds;
+ CREDENTIALS *v4creds;
+{
+ int ret;
+ krb5_timestamp endtime;
+ char dummy[REALM_SZ];
+ memset((char *) v4creds, 0, sizeof(CREDENTIALS));
+
+ if ((ret = krb5_524_conv_principal(context, v5creds->client,
+ v4creds->pname, v4creds->pinst,
+ dummy)))
+ return ret;
+ if ((ret = krb5_524_conv_principal(context, v5creds->server,
+ v4creds->service, v4creds->instance,
+ v4creds->realm)))
+ return ret;
+
+ /* Check enctype too */
+ if (v5creds->keyblock.length != sizeof(C_Block)) {
+ if (krb524_debug)
+ fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n",
+ v5creds->keyblock.length,
+ (int) sizeof(C_Block));
+ return KRB524_BADKEY;
+ } else
+ memcpy(v4creds->session, (char *) v5creds->keyblock.contents,
+ sizeof(C_Block));
+
+ /* V4 has no concept of authtime or renew_till, so ignore them */
+ v4creds->issue_date = v5creds->times.starttime;
+ v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime,
+ v5creds->times.endtime);
+ endtime = krb5int_krb_life_to_time(v4creds->issue_date,
+ v4creds->lifetime);
+ /*
+ * Adjust start time backwards to deal with rounding up in
+ * krb_time_to_life(), to match code on server side.
+ */
+ if (endtime > v5creds->times.endtime)
+ v4creds->issue_date -= endtime - v5creds->times.endtime;
+
+ return 0;
+}
+
+/* this used to be krb524/encode.c, under same copyright as above */
+/*
+ * I'm sure that this is reinventing the wheel, but I don't know where
+ * the wheel is hidden.
+ */
+
+int encode_v4tkt (KTEXT_ST *, char *, unsigned int *);
+static int encode_bytes (char **, int *, char *, unsigned int),
+ encode_int32 (char **, int *, krb5_int32 *);
+
+static int decode_bytes (char **, int *, char *, unsigned int),
+ decode_int32 (char **, int *, krb5_int32 *);
+
+static int encode_bytes(out, outlen, in, len)
+ char **out;
+ int *outlen;
+ char *in;
+ unsigned int len;
+{
+ if (len > *outlen)
+ return KRB524_ENCFULL;
+ memcpy(*out, in, len);
+ *out += len;
+ *outlen -= len;
+ return 0;
+}
+
+static int encode_int32(out, outlen, v)
+ char **out;
+ int *outlen;
+ krb5_int32 *v;
+{
+ krb5_int32 nv; /* Must be 4 bytes */
+
+ nv = htonl(*v);
+ return encode_bytes(out, outlen, (char *) &nv, sizeof(nv));
+}
+
+int krb5int_encode_v4tkt(v4tkt, buf, encoded_len)
+ KTEXT_ST *v4tkt;
+ char *buf;
+ unsigned int *encoded_len;
+{
+ int buflen, ret;
+
+ buflen = *encoded_len;
+
+ if ((ret = encode_int32(&buf, &buflen, &v4tkt->length)))
+ return ret;
+ if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
+ return ret;
+ if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
+ return ret;
+
+ *encoded_len -= buflen;
+ return 0;
+}
+
+/* decode functions */
+
+static int decode_bytes(out, outlen, in, len)
+ char **out;
+ int *outlen;
+ char *in;
+ unsigned int len;
+{
+ if (len > *outlen)
+ return KRB524_DECEMPTY;
+ memcpy(in, *out, len);
+ *out += len;
+ *outlen -= len;
+ return 0;
+}
+
+static int decode_int32(out, outlen, v)
+ char **out;
+ int *outlen;
+ krb5_int32 *v;
+{
+ int ret;
+ krb5_int32 nv; /* Must be four bytes */
+
+ if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
+ return ret;
+ *v = ntohl(nv);
+ return 0;
+}
+
+static int decode_v4tkt(v4tkt, buf, encoded_len)
+ KTEXT_ST *v4tkt;
+ char *buf;
+ unsigned int *encoded_len;
+{
+ int buflen, ret;
+
+ buflen = *encoded_len;
+ if ((ret = decode_int32(&buf, &buflen, &v4tkt->length)))
+ return ret;
+ if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
+ return ret;
+ if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
+ return ret;
+ *encoded_len -= buflen;
+ return 0;
+}
+
+#else /* no krb4 compat */
+
+krb5_error_code KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+ struct credentials *v4creds)
+{
+ return KRB524_KRB4_DISABLED;
+}
+
+#endif
+
+/* These may be needed for object-level backwards compatibility on Mac
+ OS and UNIX, but Windows should be okay. */
+#ifndef _WIN32
+#undef krb524_convert_creds_kdc
+krb5_error_code KRB5_CALLCONV
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
+ struct credentials *v4creds)
+{
+ return krb5_524_convert_creds(context, v5creds, v4creds);
+}
+
+#undef krb524_init_ets
+void KRB5_CALLCONV krb524_init_ets ()
+{
+}
+#endif
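Review bot: krb5_524_convert_creds reads two 32-bit words from reply.data without checking reply.length, so a reply shorter than eight bytes is read past its end and the unsigned `reply.length -= sizeof(krb5_int32)` wraps. The wrapped value then reaches decode_bytes, whose `len > *outlen` test compares an unsigned len with an int and does not catch a negative remaining length. Whether krb5int_524_sendto_kdc enforces a minimum reply size is not visible here, so the check belongs in this function. Reading through memcpy also avoids the possibly unaligned `*((krb5_error_code *) p)` cast. decode_v4tkt likewise stores the wire-supplied v4tkt->length without comparing it to MAX_KTXT_LEN.
```c
    krb5_int32 nv;
    /* ... unchanged: krb524_convert_creds_plain, krb5int_524_sendto_kdc, TARGET_OS_MAC block ... */
    p = reply.data;
    if (reply.length < sizeof(nv)) {
	ret = KRB524_DECEMPTY;
	goto fail;
    }
    memcpy(&nv, p, sizeof(nv));
    ret = ntohl(nv);
    p += sizeof(nv);
    reply.length -= sizeof(nv);
    if (ret)
	goto fail;

    if (reply.length < sizeof(nv)) {
	ret = KRB524_DECEMPTY;
	goto fail;
    }
    memcpy(&nv, p, sizeof(nv));
    v4creds->kvno = ntohl(nv);
    /* ... unchanged: advance p, decode_v4tkt, fail label ... */
```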
diff --git a/src/lib/krb5/krb/copy_data.c b/src/lib/krb5/krb/copy_data.c
index 2899c5a..1be2a2d 100644
--- a/src/lib/krb5/krb/copy_data.c
+++ b/src/lib/krb5/krb/copy_data.c
@@ -58,3 +58,25 @@ krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdat
*outdata = tempdata;
return 0;
}
+
+krb5_error_code
+krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_data *outdata)
+{
+ if (!indata) {
+ return EINVAL;
+ }
+
+
+ outdata->length = indata->length;
+ if (outdata->length) {
+ if (!(outdata->data = malloc(outdata->length))) {
+ krb5_xfree(outdata);
+ return ENOMEM;
+ }
+ memcpy((char *)outdata->data, (char *)indata->data, outdata->length);
+ } else
+ outdata->data = 0;
+ outdata->magic = KV5M_DATA;
+
+ return 0;
+}
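Review bot: On allocation failure krb5int_copy_data_contents calls `krb5_xfree(outdata)`, but outdata is the caller's structure and nothing in this function allocated it. The call therefore frees memory the function does not own, which the caller may have on the stack or embedded in another object. Drop that call and leave the output empty instead: `outdata->length = 0; return ENOMEM;`. A one-line comment stating that only `outdata->data` is allocated here, to be released with krb5_free_data_contents, would make the contract clear.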
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index aa42f8c..4e2c8f0 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -56,6 +56,7 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r
int free_rhost = 0;
krb5_enctype enctype = 0;
krb5_keyblock *session_key;
+ krb5_boolean old_use_conf_ktypes = context->use_conf_ktypes;
memset((char *)&creds, 0, sizeof(creds));
memset((char *)&tgt, 0, sizeof(creds));
@@ -109,8 +110,10 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r
goto errout;
/* fetch tgt directly from cache */
+ context->use_conf_ktypes = 1;
retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
&creds, &tgt);
+ context->use_conf_ktypes = old_use_conf_ktypes;
if (retval)
goto errout;
@@ -161,9 +164,15 @@ retval = KRB5_FWD_BAD_PRINCIPAL;
kdcoptions &= ~(KDC_OPT_FORWARDABLE);
if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
- addrs, &creds, &pcreds)))
- goto errout;
-
+ addrs, &creds, &pcreds))) {
+ if (enctype) {
+ creds.keyblock.enctype = 0;
+ if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+ addrs, &creds, &pcreds)))
+ goto errout;
+ }
+ else goto errout;
+ }
retval = krb5_mk_1cred(context, auth_context, pcreds,
&scratch, &replaydata);
krb5_free_creds(context, pcreds);
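Review bot: The retry added after the first krb5_get_cred_via_tkt failure runs for every error code whenever enctype is non-zero, and it clears `creds.keyblock.enctype` so the KDC may choose any session-key type. An unrelated failure thus costs a second round trip, and the enctype selected earlier in the function (outside this hunk) is silently dropped. Consider retrying only when the first call failed because the enctype was refused, e.g. `if (enctype && retval == KRB5KDC_ERR_ETYPE_NOSUPP) {`, assuming that is the code the KDC's refusal maps to here. A comment saying the fallback is intentional would also help.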
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index fdf00e6..8ca62cc 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994 by the Massachusetts Institute of Technology.
+ * Copyright (c) 1994,2003 by the Massachusetts Institute of Technology.
* Copyright (c) 1994 CyberSAFE Corporation
* Copyright (c) 1993 Open Computing Security Group
* Copyright (c) 1990,1991 by the Massachusetts Institute of Technology.
@@ -76,6 +76,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
krb5_principal *top_server = NULL;
krb5_principal *next_server = NULL;
unsigned int nservers = 0;
+ krb5_boolean old_use_conf_ktypes = context->use_conf_ktypes;
/* in case we never get a TGT, zero the return */
@@ -114,6 +115,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
goto cleanup;
}
+ context->use_conf_ktypes = 1;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
@@ -231,21 +233,17 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
krb5_free_cred_contents(context, &tgtq);
memset(&tgtq, 0, sizeof(tgtq));
-#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
tgtq.times = tgt.times;
-#else
- memcpy(&tgtq.times, &tgt.times, sizeof(krb5_ticket_times));
-#endif
-
if ((retval = krb5_copy_principal(context, tgt.client, &tgtq.client)))
goto cleanup;
if ((retval = krb5_copy_principal(context, int_server, &tgtq.server)))
goto cleanup;
tgtq.is_skey = FALSE;
tgtq.ticket_flags = tgt.ticket_flags;
- if ((retval = krb5_get_cred_via_tkt(context, &tgt,
- FLAGS2OPTS(tgtq.ticket_flags),
- tgt.addresses, &tgtq, &tgtr))) {
+ retval = krb5_get_cred_via_tkt(context, &tgt,
+ FLAGS2OPTS(tgtq.ticket_flags),
+ tgt.addresses, &tgtq, &tgtr);
+ if (retval) {
/*
* couldn't get one so now loop backwards through the realms
@@ -301,12 +299,12 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
goto cleanup;
tgtq.is_skey = FALSE;
tgtq.ticket_flags = tgt.ticket_flags;
- if ((retval = krb5_get_cred_via_tkt(context, &tgt,
- FLAGS2OPTS(tgtq.ticket_flags),
- tgt.addresses,
- &tgtq, &tgtr))) {
+ retval = krb5_get_cred_via_tkt(context, &tgt,
+ FLAGS2OPTS(tgtq.ticket_flags),
+ tgt.addresses,
+ &tgtq, &tgtr);
+ if (retval)
continue;
- }
/* save tgt in return array */
if ((retval = krb5_copy_creds(context, tgtr,
@@ -341,7 +339,9 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
for (next_server = top_server; *next_server; next_server++) {
krb5_data *realm_1 = krb5_princ_component(context, next_server[0], 1);
krb5_data *realm_2 = krb5_princ_component(context, tgtr->server, 1);
- if (realm_1->length == realm_2->length &&
+ if (realm_1 != NULL &&
+ realm_2 != NULL &&
+ realm_1->length == realm_2->length &&
!memcmp(realm_1->data, realm_2->data, realm_1->length)) {
break;
}
@@ -374,10 +374,12 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
goto cleanup;
}
- retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) |
- kdcopt |
- (in_cred->second_ticket.length ?
- KDC_OPT_ENC_TKT_IN_SKEY : 0),
+ context->use_conf_ktypes = old_use_conf_ktypes;
+ retval = krb5_get_cred_via_tkt(context, &tgt,
+ FLAGS2OPTS(tgt.ticket_flags) |
+ kdcopt |
+ (in_cred->second_ticket.length ?
+ KDC_OPT_ENC_TKT_IN_SKEY : 0),
tgt.addresses, in_cred, out_cred);
/* cleanup and return */
@@ -393,6 +395,7 @@ cleanup:
if (ret_tgts) free(ret_tgts);
krb5_free_cred_contents(context, &tgt);
}
+ context->use_conf_ktypes = old_use_conf_ktypes;
return(retval);
}
diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c
index 196a437..3737640 100644
--- a/src/lib/krb5/krb/gen_seqnum.c
+++ b/src/lib/krb5/krb/gen_seqnum.c
@@ -36,7 +36,7 @@
#endif
krb5_error_code
-krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_int32 *seqno)
+krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno)
{
krb5_data seed;
krb5_error_code retval;
@@ -48,5 +48,20 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_in
seed.length = sizeof(*seqno);
seed.data = (char *) seqno;
- return(krb5_c_random_make_octets(context, &seed));
+ retval = krb5_c_random_make_octets(context, &seed);
+ if (retval)
+ return retval;
+ /*
+ * Work around implementation incompatibilities by not generating
+ * initial sequence numbers greater than 2^30. Previous MIT
+ * implementations use signed sequence numbers, so initial
+ * sequence numbers 2^31 to 2^32-1 inclusive will be rejected.
+ * Letting the maximum initial sequence number be 2^30-1 allows
+ * for about 2^30 messages to be sent before wrapping into
+ * "negative" numbers.
+ */
+ *seqno &= 0x3fffffff;
+ if (*seqno == 0)
+ *seqno = 1;
+ return 0;
}
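Review bot: The new comment in krb5_generate_seq_number says initial sequence numbers "greater than 2^30" are avoided, but `*seqno &= 0x3fffffff;` caps the value at 2^30-1, and the `if (*seqno == 0) *seqno = 1;` remap that follows is not explained at all. I would reword the opening to `not generating initial sequence numbers of 2^30 or more` and put a one-line comment on the zero remap that states why 0 must not be used as an initial value. The reason is not recoverable from the hunk, so it should come from the author. The function's opening lines are outside this hunk.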
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index dc06c53..df5ebaf 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/krb/get_in_tkt.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991, 2003 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -262,6 +262,7 @@ verify_as_reply(krb5_context context,
(request->rtime != 0) &&
(as_reply->enc_part2->times.renew_till > request->rtime))
|| ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
+ !(request->kdc_options & KDC_OPT_RENEWABLE) &&
(as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
(request->till != 0) &&
(as_reply->enc_part2->times.renew_till > request->till))
@@ -409,6 +410,15 @@ make_preauth_list(krb5_context context,
}
#define MAX_IN_TKT_LOOPS 16
+static krb5_enctype get_in_tkt_enctypes[] = {
+ ENCTYPE_DES3_CBC_SHA1,
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_CRC,
+ 0
+};
+
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt(krb5_context context,
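Review bot: `get_in_tkt_enctypes` pins the enctypes requested by krb5_get_in_tkt to a compiled-in list, and the next hunk (`@@ -460,8 +470,13 @@`) copies it in place of the `krb5_get_default_in_tkt_ktypes` call. As far as the visible lines show, the configured default list no longer shapes this request and only the caller's `ktypes` filter remains. The list still carries the three single-DES types and omits the AES types that this same commit adds to `DEFAULT_ETYPE_LIST` in init_ctx.c, which deserves a comment above the table saying why it is fixed. The table is never written, so it should be declared `static const krb5_enctype get_in_tkt_enctypes[] = {`. If the fixed list is intentional, consider intersecting it with the configured list so that a site which has disabled an enctype does not still offer it on this path.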
@@ -460,8 +470,13 @@ krb5_get_in_tkt(krb5_context context,
request.from = creds->times.starttime;
request.till = creds->times.endtime;
request.rtime = creds->times.renew_till;
- if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
+
+ request.ktype = malloc (sizeof(get_in_tkt_enctypes));
+ if (request.ktype == NULL) {
+ retval = ENOMEM;
goto cleanup;
+ }
+ memcpy(request.ktype, get_in_tkt_enctypes, sizeof(get_in_tkt_enctypes));
for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
if (ktypes) {
int i, req, next = 0;
@@ -734,6 +749,7 @@ krb5_get_init_creds(krb5_context context,
krb5_deltat renew_life;
int loopcount;
krb5_data salt;
+ krb5_data s2kparams;
krb5_keyblock as_key;
krb5_error *err_reply;
krb5_kdc_rep *local_as_reply;
@@ -742,6 +758,8 @@ krb5_get_init_creds(krb5_context context,
/* initialize everything which will be freed at cleanup */
+ s2kparams.data = NULL;
+ s2kparams.length = 0;
request.server = NULL;
request.ktype = NULL;
request.addresses = NULL;
@@ -761,7 +779,7 @@ krb5_get_init_creds(krb5_context context,
/* request.padata is filled in later */
- request.kdc_options = 0;
+ request.kdc_options = context->kdc_default_options;
/* forwardable */
@@ -854,11 +872,13 @@ krb5_get_init_creds(krb5_context context,
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE))
request.till += options->tkt_life;
else
- request.till += 10*60*60; /* this used to be hardcoded in kinit.c */
+ request.till += 24*60*60; /* this used to be hardcoded in kinit.c */
if (renew_life > 0) {
request.rtime = request.from;
request.rtime += renew_life;
+ if (request.rtime >= request.till)
+ request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
} else {
request.rtime = 0;
}
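Review bot: The default ticket lifetime in krb5_get_init_creds changes from 10 to 24 hours on a line whose comment still reads "this used to be hardcoded in kinit.c", so the comment now describes a value that is no longer here. A default lifetime is a policy value and is easier to audit as a named constant, for example `#define GIC_DEFAULT_TKT_LIFE (24*60*60) /* seconds; default when the caller sets no tkt_life */` (the name is a suggestion). The added `if (request.rtime >= request.till)` test that clears `KDC_OPT_RENEWABLE_OK` also has no comment. Its rationale cannot be read off the hunk and should be stated next to it, since it interacts with the renewable checks in verify_as_reply. The function body starts and ends outside the hunk.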
@@ -927,7 +947,7 @@ krb5_get_init_creds(krb5_context context,
if ((ret = krb5_do_preauth(context, &request,
padata, &request.padata,
- &salt, &etype, &as_key, prompter,
+ &salt, &s2kparams, &etype, &as_key, prompter,
prompter_data, gak_fct, gak_data)))
goto cleanup;
@@ -973,7 +993,7 @@ krb5_get_init_creds(krb5_context context,
if ((ret = krb5_do_preauth(context, &request,
local_as_reply->padata, &padata,
- &salt, &etype, &as_key, prompter,
+ &salt, &s2kparams, &etype, &as_key, prompter,
prompter_data, gak_fct, gak_data)))
goto cleanup;
@@ -1005,7 +1025,7 @@ krb5_get_init_creds(krb5_context context,
if ((ret = ((*gak_fct)(context, request.client,
local_as_reply->enc_part.enctype,
- prompter, prompter_data, &salt,
+ prompter, prompter_data, &salt, &s2kparams,
&as_key, gak_data))))
goto cleanup;
@@ -1050,6 +1070,7 @@ cleanup:
if (salt.data &&
(!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
krb5_xfree(salt.data);
+ krb5_free_data_contents(context, &s2kparams);
if (as_reply)
*as_reply = local_as_reply;
else if (local_as_reply)
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index a7cb773..38a88ee 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -1,3 +1,29 @@
+/*
+ * lib/krb5/krb/gic_keytab.c
+ *
+ * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
#include "k5-int.h"
static krb5_error_code
@@ -8,6 +34,7 @@ krb5_get_as_key_keytab(
krb5_prompter_fct prompter,
void *prompter_data,
krb5_data *salt,
+ krb5_data *params,
krb5_keyblock *as_key,
void *gak_data)
{
@@ -115,3 +142,57 @@ cleanup:
return(ret);
}
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
+ krb5_address *const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types,
+ krb5_keytab arg_keytab, krb5_ccache ccache,
+ krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+ krb5_error_code retval;
+ krb5_get_init_creds_opt opt;
+ char * server = NULL;
+ krb5_keytab keytab;
+ krb5_principal client_princ, server_princ;
+
+ krb5int_populate_gic_opt(context, &opt,
+ options, addrs, ktypes,
+ pre_auth_types);
+ if (arg_keytab == NULL) {
+ retval = krb5_kt_default(context, &keytab);
+ if (retval)
+ return retval;
+ }
+ else keytab = arg_keytab;
+
+ retval = krb5_unparse_name( context, creds->server, &server);
+ if (retval)
+ goto cleanup;
+ server_princ = creds->server;
+ client_princ = creds->client;
+ retval = krb5_get_init_creds (context,
+ creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, &opt,
+ krb5_get_as_key_keytab, (void *)keytab,
+ 0, ret_as_reply);
+ krb5_free_unparsed_name( context, server);
+ if (retval) {
+ goto cleanup;
+ }
+ if (creds->server)
+ krb5_free_principal( context, creds->server);
+ if (creds->client)
+ krb5_free_principal( context, creds->client);
+ creds->client = client_princ;
+ creds->server = server_princ;
+
+ /* store it in the ccache! */
+ if (ccache)
+ if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+ goto cleanup;
+ cleanup: if (arg_keytab == NULL)
+ krb5_kt_close(context, keytab);
+ return retval;
+}
+
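Review bot: krb5_get_in_tkt_with_keytab is re-added here without a header comment, and the rewrite does not visibly keep the contract described in the deleted in_tkt_ktb.c. `krb5int_populate_gic_opt` (gic_pwd.c in this commit) carries over only FORWARDABLE and PROXIABLE from `options`, and the start-time argument to `krb5_get_init_creds` is the literal `0`, so `creds->times` does not appear to reach the request. A comment above the function should state which options and which fields of `creds` are honoured, and that the default keytab is opened and closed when `arg_keytab` is NULL. On the failure path the function jumps to `cleanup` before `creds->client` and `creds->server` are restored from the saved pointers. Whether `krb5_get_init_creds` leaves them intact on error is outside this hunk and worth confirming. The `cleanup:` label shares a line with the `if` that follows it and would read better on a line of its own.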
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 7b5e0ba..af95b97 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -9,6 +9,7 @@ krb5_get_as_key_password(
krb5_prompter_fct prompter,
void *prompter_data,
krb5_data *salt,
+ krb5_data *params,
krb5_keyblock *as_key,
void *gak_data)
{
@@ -42,7 +43,7 @@ krb5_get_as_key_password(
return(EIO);
if ((ret = krb5_unparse_name(context, client, &clientstr)))
- return(ret);
+ return(ret);
strcpy(promptstr, "Password for ");
strncat(promptstr, clientstr, sizeof(promptstr)-strlen(promptstr)-1);
@@ -74,7 +75,8 @@ krb5_get_as_key_password(
defsalt.length = 0;
}
- ret = krb5_c_string_to_key(context, etype, password, salt, as_key);
+ ret = krb5_c_string_to_key_with_params(context, etype, password, salt,
+ params->data?params:NULL, as_key);
if (defsalt.length)
krb5_xfree(defsalt.data);
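Review bot: `params->data?params:NULL` dereferences `params` before testing it, so a caller that passes NULL for the new argument faults here. The callers visible in this commit pass `&s2kparams`, but this function is reached through the `gak_fct` callback pointer, so a guard is cheap: `(params && params->data) ? params : NULL`. The function body starts and ends outside the hunk.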
@@ -144,6 +146,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
if (!use_master) {
use_master = 1;
+ if (as_reply) {
+ krb5_free_kdc_rep( context, as_reply);
+ as_reply = NULL;
+ }
ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
start_time, in_tkt_service, options,
krb5_get_as_key_password, (void *) &pw0,
@@ -158,7 +164,8 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
slave we were able to contact */
if ((ret2 == KRB5_KDC_UNREACH) ||
- (ret2 == KRB5_REALM_CANT_RESOLVE))
+ (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+ (ret2 == KRB5_REALM_UNKNOWN))
goto cleanup;
ret = ret2;
@@ -366,3 +373,109 @@ cleanup:
return(ret);
}
+void krb5int_populate_gic_opt (
+ krb5_context context, krb5_get_init_creds_opt *opt,
+ krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types)
+{
+ int i;
+ krb5_get_init_creds_opt_init(opt);
+ if (addrs)
+ krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+ if (ktypes) {
+ for (i=0; ktypes[i]; i++);
+ if (i)
+ krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+ }
+ if (pre_auth_types) {
+ for (i=0; pre_auth_types[i]; i++);
+ if (i)
+ krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+ }
+ if (options&KDC_OPT_FORWARDABLE)
+ krb5_get_init_creds_opt_set_forwardable(opt, 1);
+ else krb5_get_init_creds_opt_set_forwardable(opt, 0);
+ if (options&KDC_OPT_PROXIABLE)
+ krb5_get_init_creds_opt_set_proxiable(opt, 1);
+ else krb5_get_init_creds_opt_set_proxiable(opt, 0);
+
+
+}
+
+/*
+ Rewrites get_in_tkt in terms of newer get_init_creds API.
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, and using creds->times.starttime, creds->times.endtime,
+ creds->times.renew_till as from, till, and rtime.
+ creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+
+ If addrs is non-NULL, it is used for the addresses requested. If it is
+ null, the system standard addresses are used.
+
+ If password is non-NULL, it is converted using the cryptosystem entry
+ point for a string conversion routine, seeded with the client's name.
+ If password is passed as NULL, the password is read from the terminal,
+ and then converted into a key.
+
+ A succesful call will place the ticket in the credentials cache ccache.
+
+ returns system errors, encryption errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
+ krb5_address *const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types,
+ const char *password, krb5_ccache ccache,
+ krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+ krb5_error_code retval;
+ krb5_data pw0;
+ char pw0array[1024];
+ krb5_get_init_creds_opt opt;
+ char * server;
+ krb5_principal server_princ, client_princ;
+
+ pw0array[0] = '\0';
+ pw0.data = pw0array;
+ if (password) {
+ pw0.length = strlen(password);
+ if (pw0.length > sizeof(pw0array))
+ return EINVAL;
+ strncpy(pw0.data, password, sizeof(pw0array));
+ if (pw0.length == 0)
+ pw0.length = sizeof(pw0array);
+ } else {
+ pw0.length = sizeof(pw0array);
+ }
+ krb5int_populate_gic_opt(context, &opt,
+ options, addrs, ktypes,
+ pre_auth_types);
+ retval = krb5_unparse_name( context, creds->server, &server);
+ if (retval)
+ return (retval);
+ server_princ = creds->server;
+ client_princ = creds->client;
+ retval = krb5_get_init_creds (context,
+ creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, &opt,
+ krb5_get_as_key_password, &pw0,
+ 0, ret_as_reply);
+ krb5_free_unparsed_name( context, server);
+ if (retval) {
+ return (retval);
+ }
+ if (creds->server)
+ krb5_free_principal( context, creds->server);
+ if (creds->client)
+ krb5_free_principal( context, creds->client);
+ creds->client = client_princ;
+ creds->server = server_princ;
+ /* store it in the ccache! */
+ if (ccache)
+ if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+ return (retval);
+ return retval;
+ }
+
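Review bot: krb5_get_in_tkt_with_password copies the cleartext password into the stack buffer `pw0array` and returns on every path without clearing it, so the password stays in the dead stack frame. The deleted in_tkt_pwd.c at least cleared the prompted password before freeing it. Route the exits after the copy through one cleanup label that wipes the buffer. A plain `memset` before `return` can be removed by the optimizer, so use a non-elidable clearing primitive if the tree provides one. Separately, `if (pw0.length > sizeof(pw0array))` accepts a password of exactly 1024 bytes, which `strncpy` then stores without a terminator. If any consumer reads `pw0.data` as a C string, the test should be `>=`. The header comment above the function still says `creds->times` supplies from, till and rtime, which the new body does not visibly do.

```c
    /* … unchanged: declarations, password copy into pw0array, krb5int_populate_gic_opt … */
    retval = krb5_unparse_name( context, creds->server, &server);
    if (retval)
	goto cleanup;
    /* … unchanged: krb5_get_init_creds call, krb5_free_unparsed_name … */
    if (retval)
	goto cleanup;
    /* … unchanged: restore creds->client and creds->server … */
    if (ccache)
	retval = krb5_cc_store_cred(context, ccache, creds);
cleanup:
    /* Do not leave the cleartext password behind in the stack frame. */
    memset(pw0array, 0, sizeof(pw0array));
    return retval;
```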
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
deleted file mode 100644
index db4f3b4..0000000
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * lib/krb5/krb/in_tkt_ktb.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5_get_in_tkt_with_keytab()
- *
- */
-
-#include "k5-int.h"
-
-struct keytab_keyproc_arg {
- krb5_keytab keytab;
- krb5_principal client;
-};
-
-/*
- * Key-generator for in_tkt_keytab, below.
- * "keyseed" is actually a krb5_keytab, or NULL if we should fetch
- * from system area.
- */
-static krb5_error_code keytab_keyproc
- (krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **);
-
-static krb5_error_code
-keytab_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
- krb5_const_pointer keyseed, krb5_keyblock **key)
-{
- const struct keytab_keyproc_arg * arg =
- (const struct keytab_keyproc_arg *)keyseed;
- krb5_keyblock *realkey;
- krb5_error_code retval = 0;
- krb5_keytab kt_id;
- krb5_keytab_entry kt_ent;
-
- kt_id = arg->keytab;
-
- if (!krb5_c_valid_enctype(type))
- return KRB5_PROG_ETYPE_NOSUPP;
-
- if (kt_id == NULL)
- /* Fetch from default keytab location */
- if ((retval = krb5_kt_default(context, &kt_id)))
- return retval;
-
-
- if ((retval = krb5_kt_get_entry(context, kt_id, arg->client,
- 0, /* don't have vno available */
- type, &kt_ent)))
- goto cleanup;
-
- if ((retval = krb5_copy_keyblock(context, &kt_ent.key, &realkey))) {
- (void) krb5_kt_free_entry(context, &kt_ent);
- goto cleanup;
- }
-
- (void) krb5_kt_free_entry(context, &kt_ent);
- *key = realkey;
-
-cleanup:
- if (! arg->keytab)
- krb5_kt_close(context, kt_id);
- return retval;
-}
-
-/*
- Similar to krb5_get_in_tkt_with_skey.
-
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
-
- If addrs is non-NULL, it is used for the addresses requested. If it is
- null, the system standard addresses are used.
-
- A succesful call will place the ticket in the credentials cache ccache.
-
- returns system errors, encryption errors
-
- */
-krb5_error_code KRB5_CALLCONV
-krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
- krb5_address *const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types,
- krb5_keytab keytab, krb5_ccache ccache,
- krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
-{
- struct keytab_keyproc_arg arg;
-
- arg.keytab = keytab;
- arg.client = creds->client;
-
- return(krb5_get_in_tkt(context, options, addrs, ktypes,
- pre_auth_types,
- keytab_keyproc, (krb5_pointer)&arg,
- krb5_kdc_rep_decrypt_proc, 0, creds,
- ccache, ret_as_reply));
-}
diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c
deleted file mode 100644
index 1d9ad2e..0000000
--- a/src/lib/krb5/krb/in_tkt_pwd.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * lib/krb5/krb/in_tkt_pwd.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5_get_in_tkt_with_password()
- */
-
-#include "k5-int.h"
-
-extern char *krb5_default_pwd_prompt1;
-
-/*
- * key-producing procedure for use by krb5_get_in_tkt_with_password.
- */
-static krb5_error_code pwd_keyproc
- (krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **);
-
-static krb5_error_code
-pwd_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
- krb5_const_pointer keyseed, krb5_keyblock **key)
-{
- krb5_error_code retval;
- krb5_data * password;
- unsigned int pwsize;
-
- password = (krb5_data *)keyseed;
-
- if (!password->length) {
- pwsize = BUFSIZ;
- if ((password->data = malloc(pwsize)) == NULL)
- return ENOMEM;
-
- if ((retval = krb5_read_password(context, krb5_default_pwd_prompt1, 0,
- password->data, &pwsize))) {
- return retval;
- }
- password->length = pwsize;
- }
-
- if (!(*key = (krb5_keyblock *)malloc(sizeof(**key))))
- return ENOMEM;
-
- if ((retval = krb5_c_string_to_key(context, type, password, salt, *key)))
- krb5_xfree(*key);
-
- return(retval);
-}
-
-/*
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
-
- If addrs is non-NULL, it is used for the addresses requested. If it is
- null, the system standard addresses are used.
-
- If password is non-NULL, it is converted using the cryptosystem entry
- point for a string conversion routine, seeded with the client's name.
- If password is passed as NULL, the password is read from the terminal,
- and then converted into a key.
-
- A succesful call will place the ticket in the credentials cache ccache.
-
- returns system errors, encryption errors
- */
-krb5_error_code KRB5_CALLCONV
-krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
- krb5_address *const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types,
- const char *password, krb5_ccache ccache,
- krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
-{
- krb5_error_code retval;
- krb5_data data;
-
-
- if ((data.data = (char *)password)) {
- data.length = strlen(password);
- } else {
- data.length = 0;
- }
-
- retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
- pwd_keyproc, (krb5_pointer) &data,
- krb5_kdc_rep_decrypt_proc, 0,
- creds, ccache, ret_as_reply);
-
- if ((password == NULL) && (data.data)) {
- memset(data.data, 0, strlen(data.data));
- free(data.data);
- }
-
- return retval;
-}
-
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 59b6123..2740d83 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/krb/init_ctx.c
*
- * Copyright 1994,1999,2000, 2002 by the Massachusetts Institute of Technology.
+ * Copyright 1994,1999,2000, 2002, 2003 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -65,9 +65,15 @@
them. This'll be fixed, but for better compatibility, let's prefer
des-crc for now. */
#define DEFAULT_ETYPE_LIST \
+ "aes256-cts-hmac-sha1-96 " \
+ "aes128-cts-hmac-sha1-96 " \
"des3-cbc-sha1 arcfour-hmac-md5 " \
"des-cbc-crc des-cbc-md5 des-cbc-md4 "
+/* Not included:
+ "aes128-cts-hmac-sha1-96 " \
+ */
+
#if (defined(_WIN32))
extern krb5_error_code krb5_vercheck();
extern void krb5_win_ccdll_load(krb5_context context);
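Review bot: The added `/* Not included: "aes128-cts-hmac-sha1-96 " \ */` comment contradicts the macro directly above it, where `"aes128-cts-hmac-sha1-96 "` is now the second entry of `DEFAULT_ETYPE_LIST`. A reader auditing the default enctype list cannot tell which statement is current. Either delete the comment or name the enctype that is actually left out and why. The older comment ahead of the macro (partly outside the hunk) speaks of preferring des-crc, which no longer matches a list that starts with the AES types, and should be updated in the same pass.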
@@ -142,6 +148,13 @@ init_common (krb5_context *context, krb5_boolean secure)
if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
goto cleanup;
+ ctx->conf_tgs_ktypes = calloc(ctx->tgs_ktype_count, sizeof(krb5_enctype));
+ if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0)
+ goto cleanup;
+ memcpy(ctx->conf_tgs_ktypes, ctx->tgs_ktypes,
+ sizeof(krb5_enctype) * ctx->tgs_ktype_count);
+ ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;
+
if ((retval = krb5_os_init_context(ctx)))
goto cleanup;
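Review bot: The allocation-failure branch for `ctx->conf_tgs_ktypes` jumps to `cleanup` without setting `retval`, which is still 0 from the successful `krb5_set_default_tgs_ktypes` call just above. The `cleanup` label is outside the hunk, but if it returns `retval` then init_common reports success without a usable context. The branch should read `if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0) { retval = ENOMEM; goto cleanup; }`. When `tgs_ktype_count` is 0 and `calloc` returns NULL, the following `memcpy` receives a null destination. Guarding the copy with `if (ctx->tgs_ktype_count)` avoids that.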
@@ -189,11 +202,7 @@ init_common (krb5_context *context, krb5_boolean secure)
"kdc_default_options", 0,
KDC_OPT_RENEWABLE_OK, &tmp);
ctx->kdc_default_options = tmp;
-#if TARGET_OS_MAC
#define DEFAULT_KDC_TIMESYNC 1
-#else
-#define DEFAULT_KDC_TIMESYNC 0
-#endif
profile_get_integer(ctx->profile, "libdefaults",
"kdc_timesync", 0, DEFAULT_KDC_TIMESYNC,
&tmp);
@@ -207,16 +216,13 @@ init_common (krb5_context *context, krb5_boolean secure)
* Note: DCE 1.0.3a only supports a cache type of 1
* DCE 1.1 supports a cache type of 2.
*/
-#if TARGET_OS_MAC
#define DEFAULT_CCACHE_TYPE 4
-#else
-#define DEFAULT_CCACHE_TYPE 3
-#endif
profile_get_integer(ctx->profile, "libdefaults", "ccache_type",
0, DEFAULT_CCACHE_TYPE, &tmp);
ctx->fcc_default_format = tmp + 0x0500;
ctx->scc_default_format = tmp + 0x0500;
ctx->prompt_types = 0;
+ ctx->use_conf_ktypes = 0;
ctx->udp_pref_limit = -1;
*context = ctx;
@@ -243,6 +249,11 @@ krb5_free_context(krb5_context ctx)
ctx->tgs_ktypes = 0;
}
+ if (ctx->conf_tgs_ktypes) {
+ free(ctx->conf_tgs_ktypes);
+ ctx->conf_tgs_ktypes = 0;
+ }
+
if (ctx->default_realm) {
free(ctx->default_realm);
ctx->default_realm = 0;
@@ -291,7 +302,8 @@ krb5_set_default_in_tkt_ktypes(krb5_context context, const krb5_enctype *ktypes)
}
static krb5_error_code
-get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profstr, int ctx_count, krb5_enctype *ctx_list)
+get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profstr,
+ int ctx_count, krb5_enctype *ctx_list)
{
krb5_enctype *old_ktypes;
@@ -426,12 +438,19 @@ krb5_error_code
KRB5_CALLCONV
krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_enctype **ktypes)
{
- return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
- context->tgs_ktype_count,
- context->tgs_ktypes));
+ if (context->use_conf_ktypes)
+ /* This one is set *only* by reading the config file; it's not
+ set by the application. */
+ return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
+ context->conf_tgs_ktypes_count,
+ context->conf_tgs_ktypes));
+ else
+ return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
+ context->tgs_ktype_count,
+ context->tgs_ktypes));
}
-krb5_error_code
+krb5_error_code KRB5_CALLCONV
krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
{
return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
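Review bot: In krb5_get_tgs_ktypes the new `if`/`else` has unbraced bodies, and a block comment sits between the `if` line and its `return`, which makes the branch easy to misread or break on a later edit. Put braces around both branches, or select the count and list into locals and make a single `get_profile_etype_list` call. The choice of enctype list now depends on the context-wide `use_conf_ktypes` flag that gc_frm_kdc.c sets and restores around its calls. A comment here should say the flag is transient and who owns it, since a path that forgets to restore it silently changes which enctypes later TGS requests offer.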
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index 46d485d..4700439 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -246,6 +246,7 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info)
for(i=0; info[i] != NULL; i++) {
if (info[i]->salt)
free(info[i]->salt);
+ krb5_free_data_contents( context, &info[i]->s2kparams);
free(info[i]);
}
free(info);
@@ -429,14 +430,20 @@ krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val)
void KRB5_CALLCONV
krb5_free_pwd_sequences(krb5_context context, passwd_phrase_element **val)
{
- if ((*val)->passwd) {
- krb5_xfree((*val)->passwd);
- (*val)->passwd = 0;
- }
- if ((*val)->phrase) {
- krb5_xfree((*val)->phrase);
- (*val)->phrase = 0;
+ register passwd_phrase_element **temp;
+
+ for (temp = val; *temp; temp++) {
+ if ((*temp)->passwd) {
+ krb5_free_data(context, (*temp)->passwd);
+ (*temp)->passwd = 0;
+ }
+ if ((*temp)->phrase) {
+ krb5_free_data(context, (*temp)->phrase);
+ (*temp)->phrase = 0;
+ }
+ krb5_xfree(*temp);
}
+ krb5_xfree(val);
}
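Review bot: krb5_free_pwd_sequences now walks `val` as a NULL-terminated array and frees every element and then `val` itself, where the old body only released the two members of `*val`. Nothing in the hunk documents that ownership change. Any caller that still frees the array or its elements afterwards would double-free. The callers are outside this hunk, so that needs checking. `val` is also dereferenced without a NULL test. Proposed header comment: `/* Frees a NULL-terminated array of passwd_phrase_element pointers: each element's passwd and phrase, each element, and the array itself. val must not be NULL. */`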
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index 6389298..04248c0 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -182,9 +182,8 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds *
memset(pcred->tickets, 0, sizeof(krb5_ticket *) * (ncred +1));
/* Get keyblock */
- if ((keyblock = auth_context->local_subkey) == NULL)
- if ((keyblock = auth_context->remote_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((keyblock = auth_context->send_subkey) == NULL)
+ keyblock = auth_context->keyblock;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 196b6ee..efe254a 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -119,9 +119,8 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
memset((char *) &replaydata, 0, sizeof(krb5_replay_data));
/* Get keyblock */
- if ((keyblock = auth_context->local_subkey) == NULL)
- if ((keyblock = auth_context->remote_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((keyblock = auth_context->send_subkey) == NULL)
+ keyblock = auth_context->keyblock;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c
index 31f3fe5..393f634 100644
--- a/src/lib/krb5/krb/mk_rep.c
+++ b/src/lib/krb5/krb/mk_rep.c
@@ -59,7 +59,14 @@ krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *out
repl.ctime = auth_context->authentp->ctime;
repl.cusec = auth_context->authentp->cusec;
- repl.subkey = auth_context->authentp->subkey;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
+ retval = krb5int_generate_and_save_subkey (context, auth_context,
+ auth_context->keyblock);
+ if (retval)
+ return retval;
+ repl.subkey = auth_context->send_subkey;
+ } else
+ repl.subkey = auth_context->authentp->subkey;
repl.seq_number = auth_context->local_seq_number;
/* encode it before encrypting */
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 1ed14a9..cdb8f69 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -68,7 +68,39 @@ static krb5_error_code
krb5_generate_authenticator (krb5_context,
krb5_authenticator *, krb5_principal,
krb5_checksum *, krb5_keyblock *,
- krb5_int32, krb5_authdata ** );
+ krb5_ui_4, krb5_authdata ** );
+
+krb5_error_code
+krb5int_generate_and_save_subkey (krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock *keyblock)
+{
+ /* Provide some more fodder for random number code.
+ This isn't strong cryptographically; the point here is not
+ to guarantee randomness, but to make it less likely that multiple
+ sessions could pick the same subkey. */
+ struct {
+ krb5_int32 sec, usec;
+ } rnd_data;
+ krb5_data d;
+ krb5_error_code retval;
+
+ krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
+ d.length = sizeof (rnd_data);
+ d.data = (char *) &rnd_data;
+ (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
+
+ if ((retval = krb5_generate_subkey(context, keyblock, &auth_context->send_subkey)))
+ return retval;
+ retval = krb5_copy_keyblock(context, auth_context->send_subkey,
+ &auth_context->recv_subkey);
+ if (retval) {
+ krb5_free_keyblock(context, auth_context->send_subkey);
+ auth_context->send_subkey = NULL;
+ return retval;
+ }
+ return 0;
+}
krb5_error_code KRB5_CALLCONV
krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
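Review bot: krb5int_generate_and_save_subkey stores into `auth_context->send_subkey` and `auth_context->recv_subkey` without releasing what those fields already hold, so any existing keyblock is leaked and its key material stays allocated. krb5_mk_req_extended only calls it when `send_subkey` is NULL, but the new call in mk_rep.c (`@@ -59,7 +59,14 @@`) has no such guard. That path can run with `recv_subkey`, and possibly `send_subkey`, already populated. The proposal is to free both fields before generating the new subkey. The helper also has no header comment saying that it replaces both subkeys.

```c
    /* … unchanged: timing entropy fed to krb5_c_random_add_entropy … */

    /* Release any subkeys already held before they are overwritten. */
    if (auth_context->send_subkey != NULL) {
	krb5_free_keyblock(context, auth_context->send_subkey);
	auth_context->send_subkey = NULL;
    }
    if (auth_context->recv_subkey != NULL) {
	krb5_free_keyblock(context, auth_context->recv_subkey);
	auth_context->recv_subkey = NULL;
    }
    /* … unchanged: krb5_generate_subkey, krb5_copy_keyblock … */
```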
@@ -130,22 +162,10 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
goto cleanup;
}
- if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->local_subkey)) {
- /* Provide some more fodder for random number code.
- This isn't strong cryptographically; the point here is not
- to guarantee randomness, but to make it less likely that multiple
- sessions could pick the same subkey. */
- struct {
- krb5_int32 sec, usec;
- } rnd_data;
- krb5_data d;
- krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
- d.length = sizeof (rnd_data);
- d.data = (char *) &rnd_data;
- (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
-
- if ((retval = krb5_generate_subkey(context, &(in_creds)->keyblock,
- &(*auth_context)->local_subkey)))
+ if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
+ retval = krb5int_generate_and_save_subkey (context, *auth_context,
+ &in_creds->keyblock);
+ if (retval)
goto cleanup;
}
@@ -178,7 +198,7 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
if ((retval = krb5_generate_authenticator(context,
(*auth_context)->authentp,
(in_creds)->client, checksump,
- (*auth_context)->local_subkey,
+ (*auth_context)->send_subkey,
(*auth_context)->local_seq_number,
(in_creds)->authdata)))
goto cleanup_cksum;
@@ -232,7 +252,7 @@ cleanup:
}
static krb5_error_code
-krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_int32 seq_number, krb5_authdata **authorization)
+krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_ui_4 seq_number, krb5_authdata **authorization)
{
krb5_error_code retval;
diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c
index 992a456..eefcab7 100644
--- a/src/lib/krb5/krb/mk_safe.c
+++ b/src/lib/krb5/krb/mk_safe.c
@@ -120,9 +120,8 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da
memset((char *) &replaydata, 0, sizeof(krb5_replay_data));
/* Get keyblock */
- if ((keyblock = auth_context->local_subkey) == NULL)
- if ((keyblock = auth_context->remote_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((keyblock = auth_context->send_subkey) == NULL)
+ keyblock = auth_context->keyblock;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index abbcfbe..3debb6a 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -170,11 +170,13 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
cp++;
size++;
} else if (c == COMPONENT_SEP) {
- krb5_princ_component(context, principal, i)->length = size;
+ if (krb5_princ_size(context, principal) > i)
+ krb5_princ_component(context, principal, i)->length = size;
size = 0;
i++;
} else if (c == REALM_SEP) {
- krb5_princ_component(context, principal, i)->length = size;
+ if (krb5_princ_size(context, principal) > i)
+ krb5_princ_component(context, principal, i)->length = size;
size = 0;
parsed_realm = cp+1;
} else
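Review bot: The added `krb5_princ_size(context, principal) > i` checks skip the length store silently, with no comment saying when `i` can run past the allocated components; the same applies to the third check in the next hunk. A short comment at the first one would help, for example `/* i may exceed the allocated component count; skip the store and let the i + 1 != components check below report it */`, assuming that later check is what rejects the name. In the next hunk the new `if` hangs under a bare `else`, so bracing that `else` would keep the nesting obvious. krb5_parse_name begins and ends outside both hunks.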
@@ -183,7 +185,8 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
if (parsed_realm)
krb5_princ_realm(context, principal)->length = size;
else
- krb5_princ_component(context, principal, i)->length = size;
+ if (krb5_princ_size(context, principal) > i)
+ krb5_princ_component(context, principal, i)->length = size;
if (i + 1 != components) {
#if !defined(_WIN32) && !defined(macintosh)
fprintf(stderr,
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index e50440e..6238a82 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -35,7 +35,7 @@ typedef krb5_error_code (*pa_function)(krb5_context,
krb5_kdc_req *request,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
- krb5_data *salt,
+ krb5_data *salt, krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter_fct,
@@ -57,7 +57,7 @@ krb5_error_code pa_salt(krb5_context context,
krb5_kdc_req *request,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
- krb5_data *salt,
+ krb5_data *salt, krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter, void *prompter_data,
@@ -65,22 +65,11 @@ krb5_error_code pa_salt(krb5_context context,
{
krb5_data tmp;
- /* screw the abstraction. If there was a *reasonable* copy_data,
- I'd use it. But I'm inside the library, which is the twilight
- zone of source code, so I can do anything. */
-
+ tmp.data = in_padata->contents;
tmp.length = in_padata->length;
- if (tmp.length) {
- if ((tmp.data = malloc(tmp.length)) == NULL)
- return ENOMEM;
- memcpy(tmp.data, in_padata->contents, tmp.length);
- } else {
- tmp.data = NULL;
- }
-
- *salt = tmp;
-
- /* assume that no other salt was allocated */
+ krb5_free_data_contents(context, salt);
+ krb5int_copy_data_contents(context, &tmp, salt);
+
if (in_padata->pa_type == KRB5_PADATA_AFS3_SALT)
salt->length = SALT_TYPE_AFS_LENGTH;
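Review bot: The result of `krb5int_copy_data_contents(context, &tmp, salt)` is discarded, so an allocation failure leaves `salt` freed but not refilled, and for the AFS3 case `salt->length` is still overwritten afterwards. Whatever derives the key next would presumably see a salt that is not the one the KDC sent. Return the error instead, e.g. `krb5_error_code ret = krb5int_copy_data_contents(context, &tmp, salt);` followed by `if (ret) return ret;`. The assignment `tmp.data = in_padata->contents` also drops the `(char *)` cast that the etype-info code in this file applies to the same field. The end of pa_salt lies outside the hunk.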
@@ -94,6 +83,7 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
krb5_data *salt,
+ krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter,
@@ -119,7 +109,7 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
if ((ret = ((*gak_fct)(context, request->client,
*etype ? *etype : request->ktype[0],
prompter, prompter_data,
- salt, as_key, gak_data))))
+ salt, s2kparams, as_key, gak_data))))
return(ret);
}
@@ -233,6 +223,7 @@ krb5_error_code pa_sam(krb5_context context,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
krb5_data *salt,
+ krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter,
@@ -283,7 +274,7 @@ krb5_error_code pa_sam(krb5_context context,
*etype = ENCTYPE_DES_CBC_CRC;
if ((ret = (gak_fct)(context, request->client, *etype, prompter,
- prompter_data, salt, as_key, gak_data)))
+ prompter_data, salt, s2kparams, as_key, gak_data)))
return(ret);
}
sprintf(name, "%.*s",
@@ -472,6 +463,7 @@ krb5_error_code pa_sam_2(krb5_context context,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
krb5_data *salt,
+ krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter,
@@ -542,7 +534,7 @@ krb5_error_code pa_sam_2(krb5_context context,
retval = (gak_fct)(context, request->client,
sc2b->sam_etype, prompter,
- prompter_data, salt, as_key, gak_data);
+ prompter_data, salt, s2kparams, as_key, gak_data);
if (retval) {
krb5_free_sam_challenge_2(context, sc2);
krb5_free_sam_challenge_2_body(context, sc2b);
@@ -827,87 +819,19 @@ static const pa_types_t pa_types[] = {
},
};
-static void
-sort_etype_info(krb5_context context, krb5_kdc_req *request,
- krb5_etype_info_entry **etype_info)
-{
-/* Originally adapted from a proposed solution in ticket 1006. This
- * solution is not efficient, but implementing an efficient sort
- * with a comparison function based on order in the kdc request would
- * be difficult.*/
- krb5_etype_info_entry *tmp;
- int i, j, e;
- krb5_boolean similar;
-
- if (etype_info == NULL)
- return;
-
- /* First, move up etype_info_entries whose enctype exactly matches a
- * requested enctype.
- */
- e = 0;
- for ( i = 0 ; i < request->nktypes && etype_info[e] != NULL ; i++ )
- {
- if (request->ktype[i] == etype_info[e]->etype)
- {
- e++;
- continue;
- }
- for ( j = e+1 ; etype_info[j] ; j++ )
- if (request->ktype[i] == etype_info[j]->etype)
- break;
- if (etype_info[j] == NULL)
- continue;
-
- tmp = etype_info[j];
- etype_info[j] = etype_info[e];
- etype_info[e] = tmp;
- e++;
- }
-
- /* Then move up etype_info_entries whose enctype is similar to a
- * requested enctype.
- */
- for ( i = 0 ; i < request->nktypes && etype_info[e] != NULL ; i++ )
- {
- if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[e]->etype, &similar) != 0)
- continue;
-
- if (similar)
- {
- e++;
- continue;
- }
- for ( j = e+1 ; etype_info[j] ; j++ )
- {
- if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[j]->etype, &similar) != 0)
- continue;
-
- if (similar)
- break;
- }
- if (etype_info[j] == NULL)
- continue;
-
- tmp = etype_info[j];
- etype_info[j] = etype_info[e];
- etype_info[e] = tmp;
- e++;
- }
-}
-
-
krb5_error_code
krb5_do_preauth(krb5_context context,
krb5_kdc_req *request,
krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
- krb5_data *salt, krb5_enctype *etype,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter, void *prompter_data,
krb5_gic_get_as_key_fct gak_fct, void *gak_data)
{
int h, i, j, out_pa_list_size;
- krb5_pa_data *out_pa, **out_pa_list;
+ int seen_etype_info2 = 0;
+ krb5_pa_data *out_pa = NULL, **out_pa_list = NULL;
krb5_data scratch;
krb5_etype_info etype_info = NULL;
krb5_error_code ret;
@@ -938,6 +862,7 @@ krb5_do_preauth(krb5_context context,
for (h=0; h<(sizeof(paorder)/sizeof(paorder[0])); h++) {
realdone = 0;
for (i=0; in_padata[i] && !realdone; i++) {
+ int k, l, etype_found, valid_etype_found;
/*
* This is really gross, but is necessary to prevent
* lossge when talking to a 1.0.x KDC, which returns an
@@ -946,27 +871,81 @@ krb5_do_preauth(krb5_context context,
*/
switch (in_padata[i]->pa_type) {
case KRB5_PADATA_ETYPE_INFO:
- if (etype_info)
- continue;
+ case KRB5_PADATA_ETYPE_INFO2:
+ {
+ krb5_preauthtype pa_type = in_padata[i]->pa_type;
+ if (etype_info) {
+ if (seen_etype_info2 || pa_type != KRB5_PADATA_ETYPE_INFO2)
+ continue;
+ if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+ krb5_free_etype_info( context, etype_info);
+ etype_info = NULL;
+ }
+ }
+
scratch.length = in_padata[i]->length;
scratch.data = (char *) in_padata[i]->contents;
- ret = decode_krb5_etype_info(&scratch, &etype_info);
+ if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+ seen_etype_info2++;
+ ret = decode_krb5_etype_info2(&scratch, &etype_info);
+ }
+ else ret = decode_krb5_etype_info(&scratch, &etype_info);
if (ret) {
- if (out_pa_list) {
- out_pa_list[out_pa_list_size++] = NULL;
- krb5_free_pa_data(context, out_pa_list);
- }
- return ret;
+ ret = 0; /*Ignore error and etype_info element*/
+ krb5_free_etype_info( context, etype_info);
+ etype_info = NULL;
+ continue;
}
if (etype_info[0] == NULL) {
krb5_free_etype_info(context, etype_info);
etype_info = NULL;
break;
}
- sort_etype_info(context, request, etype_info);
- salt->data = (char *) etype_info[0]->salt;
- salt->length = etype_info[0]->length;
- *etype = etype_info[0]->etype;
+ /*
+ * Select first etype in our request which is also in
+ * etype-info (preferring client request ktype order).
+ */
+ for (etype_found = 0, valid_etype_found = 0, k = 0;
+ !etype_found && k < request->nktypes; k++) {
+ for (l = 0; etype_info[l]; l++) {
+ if (etype_info[l]->etype == request->ktype[k]) {
+ etype_found++;
+ break;
+ }
+ /* check if program has support for this etype for more
+ * precise error reporting.
+ */
+ if (valid_enctype(etype_info[l]->etype))
+ valid_etype_found++;
+ }
+ }
+ if (!etype_found) {
+ if (valid_etype_found) {
+ /* supported enctype but not requested */
+ ret = KRB5_CONFIG_ETYPE_NOSUPP;
+ goto cleanup;
+ }
+ else {
+ /* unsupported enctype */
+ ret = KRB5_PROG_ETYPE_NOSUPP;
+ goto cleanup;
+ }
+
+ }
+ scratch.data = (char *) etype_info[l]->salt;
+ scratch.length = etype_info[l]->length;
+ krb5_free_data_contents(context, salt);
+ if (scratch.length == KRB5_ETYPE_NO_SALT)
+ salt->data = NULL;
+ else
+ if ((ret = krb5int_copy_data_contents( context, &scratch, salt)) != 0)
+ goto cleanup;
+ *etype = etype_info[l]->etype;
+ krb5_free_data_contents(context, s2kparams);
+ if ((ret = krb5int_copy_data_contents(context,
+ &etype_info[l]->s2kparams,
+ s2kparams)) != 0)
+ goto cleanup;
#ifdef DEBUG
for (j = 0; etype_info[j]; j++) {
krb5_etype_info_entry *e = etype_info[j];
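Review bot: In the `KRB5_ETYPE_NO_SALT` branch only `salt->data` is cleared; `salt->length` keeps its previous value unless `krb5_free_data_contents` resets it, which is not visible here. A stale length paired with a NULL pointer is easy for the key-derivation callback to misread, so the branch should set the length explicitly, e.g. `salt->length = SALT_TYPE_NO_LENGTH;` if that is the value `gak_fct` treats as "no salt supplied". The decode-failure path also calls `krb5_free_etype_info(context, etype_info)` on a pointer that may still be NULL, which is only safe if that function accepts NULL. krb5_do_preauth starts and ends outside this hunk.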
@@ -978,6 +957,7 @@ krb5_do_preauth(krb5_context context,
}
#endif
break;
+ }
case KRB5_PADATA_PW_SALT:
case KRB5_PADATA_AFS3_SALT:
if (etype_info)
@@ -993,16 +973,10 @@ krb5_do_preauth(krb5_context context,
if ((ret = ((*pa_types[j].fct)(context, request,
in_padata[i], &out_pa,
- salt, etype, as_key,
+ salt, s2kparams, etype, as_key,
prompter, prompter_data,
gak_fct, gak_data)))) {
- if (out_pa_list) {
- out_pa_list[out_pa_list_size++] = NULL;
- krb5_free_pa_data(context, out_pa_list);
- }
- if (etype_info)
- krb5_free_etype_info(context, etype_info);
- return(ret);
+ goto cleanup;
}
if (out_pa) {
@@ -1010,18 +984,22 @@ krb5_do_preauth(krb5_context context,
if ((out_pa_list =
(krb5_pa_data **)
malloc(2*sizeof(krb5_pa_data *)))
- == NULL)
- return(ENOMEM);
+ == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
} else {
if ((out_pa_list =
(krb5_pa_data **)
realloc(out_pa_list,
(out_pa_list_size+2)*
sizeof(krb5_pa_data *)))
- == NULL)
- /* XXX this will leak the pointers which
+ == NULL) {
+ /* XXX this will leak the pointers which
have already been allocated. oh well. */
- return(ENOMEM);
+ ret = ENOMEM;
+ goto cleanup;
+ }
}
out_pa_list[out_pa_list_size++] = out_pa;
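Review bot: Assigning the `realloc` result straight back to `out_pa_list` means the pointer is already NULL when `cleanup` runs after a failure, so the list built so far is never freed, as the retained XXX comment admits. Holding the result in a temporary lets the new `cleanup` label release the old list. On both ENOMEM paths the freshly produced `out_pa` is also dropped, since it is appended only after the allocation succeeds and `cleanup` does not free it. The surrounding loop in krb5_do_preauth lies outside this hunk.

```c
} else {
    krb5_pa_data **grown;

    grown = (krb5_pa_data **)
        realloc(out_pa_list,
                (out_pa_list_size+2) * sizeof(krb5_pa_data *));
    if (grown == NULL) {
        /* out_pa_list still points at the old list, so cleanup frees it. */
        ret = ENOMEM;
        goto cleanup;
    }
    out_pa_list = grown;
}
/* ... unchanged: out_pa_list[out_pa_list_size++] = out_pa; ... */
```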
@@ -1037,6 +1015,16 @@ krb5_do_preauth(krb5_context context,
out_pa_list[out_pa_list_size++] = NULL;
*out_padata = out_pa_list;
-
+ if (etype_info)
+ krb5_free_etype_info(context, etype_info);
+
return(0);
+ cleanup:
+ if (out_pa_list) {
+ out_pa_list[out_pa_list_size++] = NULL;
+ krb5_free_pa_data(context, out_pa_list);
+ }
+ if (etype_info)
+ krb5_free_etype_info(context, etype_info);
+ return (ret);
}
diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c
index 228219f..11be47f 100644
--- a/src/lib/krb5/krb/rd_cred.c
+++ b/src/lib/krb5/krb/rd_cred.c
@@ -33,15 +33,11 @@ decrypt_credencdata(krb5_context context, krb5_cred *pcred, krb5_keyblock *pkeyb
/* now decode the decrypted stuff */
if ((retval = decode_krb5_enc_cred_part(&scratch, &ppart)))
- goto cleanup_encpart;
+ goto cleanup;
*pcredenc = *ppart;
retval = 0;
-cleanup_encpart:
- memset(ppart, 0, sizeof(*ppart));
- krb5_xfree(ppart);
-
cleanup:
memset(scratch.data, 0, scratch.length);
krb5_xfree(scratch.data);
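Review bot: After `*pcredenc = *ppart;` nothing in the hunk releases `ppart` any more, so the structure allocated by `decode_krb5_enc_cred_part` appears to leak on every successful call. Dropping `cleanup_encpart` presumably avoids touching `ppart` when the decode failed, but the success path still needs the release. Initialising `ppart` to NULL where it is declared (outside the hunk) and adding `if (ppart != NULL) { memset(ppart, 0, sizeof(*ppart)); krb5_xfree(ppart); }` under `cleanup:` covers both cases.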
@@ -169,9 +165,8 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *pc
krb5_replay_data replaydata;
/* Get keyblock */
- if ((keyblock = auth_context->remote_subkey) == NULL)
- if ((keyblock = auth_context->local_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((keyblock = auth_context->recv_subkey) == NULL)
+ keyblock = auth_context->keyblock;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 8132056..cf74807 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -156,9 +156,8 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_da
krb5_replay_data replaydata;
/* Get keyblock */
- if ((keyblock = auth_context->remote_subkey) == NULL)
- if ((keyblock = auth_context->local_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((keyblock = auth_context->recv_subkey) == NULL)
+ keyblock = auth_context->keyblock;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -247,7 +246,8 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_da
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- if (auth_context->remote_seq_number != replaydata.seq) {
+ if (!krb5int_auth_con_chkseqnum(context, auth_context,
+ replaydata.seq)) {
retval = KRB5KRB_AP_ERR_BADORDER;
goto error;
}
diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c
index e35e43f..8019229 100644
--- a/src/lib/krb5/krb/rd_rep.c
+++ b/src/lib/krb5/krb/rd_rep.c
@@ -81,8 +81,24 @@ krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_dat
/* Set auth subkey */
if ((*repl)->subkey) {
+ if (auth_context->recv_subkey) {
+ krb5_free_keyblock(context, auth_context->recv_subkey);
+ auth_context->recv_subkey = NULL;
+ }
retval = krb5_copy_keyblock(context, (*repl)->subkey,
- &auth_context->remote_subkey);
+ &auth_context->recv_subkey);
+ if (retval)
+ goto clean_scratch;
+ if (auth_context->send_subkey) {
+ krb5_free_keyblock(context, auth_context->send_subkey);
+ auth_context->send_subkey = NULL;
+ }
+ retval = krb5_copy_keyblock(context, (*repl)->subkey,
+ &auth_context->send_subkey);
+ if (retval) {
+ krb5_free_keyblock(context, auth_context->send_subkey);
+ auth_context->send_subkey = NULL;
+ }
}
/* Get remote sequence number */
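Review bot: When the second `krb5_copy_keyblock` fails, the new code clears `send_subkey` but leaves the just-installed `recv_subkey` in place and does not jump to `clean_scratch`, unlike the first failure a few lines above. The context is then left with a receive subkey and no send subkey, and execution continues into the sequence-number handling with `retval` set. Mirroring the rd_req_dec.c change in this commit would be more consistent: `krb5_free_keyblock(context, auth_context->recv_subkey); auth_context->recv_subkey = NULL; goto clean_scratch;`. krb5_rd_rep starts and ends outside this hunk.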
diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c
index f844e3c..9a2f458 100644
--- a/src/lib/krb5/krb/rd_req.c
+++ b/src/lib/krb5/krb/rd_req.c
@@ -83,7 +83,9 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_da
server = request->ticket->server;
}
/* Get an rcache if necessary. */
- if (((*auth_context)->rcache == NULL) && server) {
+ if (((*auth_context)->rcache == NULL)
+ && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
+&& server) {
if ((retval = krb5_get_server_rcache(context,
krb5_princ_component(context,server,0), &(*auth_context)->rcache)))
goto cleanup_auth_context;
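Review bot: The comment above the condition still reads "Get an rcache if necessary" although the cache is now opened only when `KRB5_AUTH_CONTEXT_DO_TIME` is set. That matters to callers, because with the flag clear no replay cache is created at this point. I would update it to `/* Get an rcache if necessary; none is opened when DO_TIME is clear. */` and indent the trailing `&& server` line to match the two conditions above it. The rest of krb5_rd_req is outside this hunk.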
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index fa126b4..3c398ae 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -290,10 +290,18 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, c
if ((*auth_context)->authentp->subkey) {
if ((retval = krb5_copy_keyblock(context,
(*auth_context)->authentp->subkey,
- &((*auth_context)->remote_subkey))))
+ &((*auth_context)->recv_subkey))))
goto cleanup;
+ retval = krb5_copy_keyblock(context, (*auth_context)->authentp->subkey,
+ &((*auth_context)->send_subkey));
+ if (retval) {
+ krb5_free_keyblock(context, (*auth_context)->recv_subkey);
+ (*auth_context)->recv_subkey = NULL;
+ goto cleanup;
+ }
} else {
- (*auth_context)->remote_subkey = 0;
+ (*auth_context)->recv_subkey = 0;
+ (*auth_context)->send_subkey = 0;
}
if ((retval = krb5_copy_keyblock(context, req->ticket->enc_part2->session,
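Review bot: Both branches store into `recv_subkey` and `send_subkey` without releasing a value that might already be there; the `else` branch simply assigns 0. rd_rep.c in this same commit frees an existing subkey before replacing it, so the two readers are inconsistent, and if the auth context can carry a subkey into this function the old key material is leaked. Freeing first, `if ((*auth_context)->send_subkey) krb5_free_keyblock(context, (*auth_context)->send_subkey);` and likewise for `recv_subkey`, would align them. krb5_rd_req_decoded_opt starts and ends outside this hunk.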
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index 0f6cec2..15dc6dc 100644
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -51,6 +51,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
{
krb5_error_code retval;
krb5_safe * message;
+ krb5_data safe_body;
krb5_checksum our_cksum, *his_cksum;
krb5_octet zero_octet = 0;
krb5_data *scratch;
@@ -59,7 +60,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
if (!krb5_is_krb_safe(inbuf))
return KRB5KRB_AP_ERR_MSG_TYPE;
- if ((retval = decode_krb5_safe(inbuf, &message)))
+ if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body)))
return retval;
if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) {
@@ -113,7 +114,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
message->checksum = &our_cksum;
- if ((retval = encode_krb5_safe(message, &scratch)))
+ if ((retval = encode_krb5_safe_with_body(message, &safe_body, &scratch)))
goto cleanup;
message->checksum = his_cksum;
@@ -126,8 +127,17 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb
krb5_free_data(context, scratch);
if (!valid) {
- retval = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ /*
+ * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
+ * case someone actually implements it correctly.
+ */
+ retval = krb5_c_verify_checksum(context, keyblock,
+ KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+ &safe_body, his_cksum, &valid);
+ if (!valid) {
+ retval = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
+ }
}
replaydata->timestamp = message->timestamp;
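Review bot: The return value of the fallback `krb5_c_verify_checksum` call is overwritten without being examined, so rejection relies on `valid` still being false when that call fails. That fails closed as long as the callee leaves `valid` untouched on error, but a genuine failure such as an allocation error is then reported as `KRB5KRB_AP_ERR_MODIFIED`. Adding `if (retval) goto cleanup;` before the second `if (!valid)` makes the dependency explicit. krb5_rd_safe_basic starts and ends outside this hunk.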
@@ -161,9 +171,8 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da
return KRB5_RC_REQUIRED;
/* Get keyblock */
- if ((keyblock = auth_context->remote_subkey) == NULL)
- if ((keyblock = auth_context->local_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((keyblock = auth_context->recv_subkey) == NULL)
+ keyblock = auth_context->keyblock;
{
krb5_address * premote_fulladdr = NULL;
@@ -240,7 +249,8 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- if (auth_context->remote_seq_number != replaydata.seq) {
+ if (!krb5int_auth_con_chkseqnum(context, auth_context,
+ replaydata.seq)) {
retval = KRB5KRB_AP_ERR_BADORDER;
goto error;
}
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index 244d18e..34a98c0 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -278,6 +278,7 @@ send_again:
}
krb5_free_error(context, err_reply);
}
+ rep->message_type = KRB5_ERROR;
} else if (krb5_is_tgs_rep(&rep->response))
rep->message_type = KRB5_TGS_REP;
else /* XXX: assume it's an error */
diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c
index a8ec90e..32519e1 100644
--- a/src/lib/krb5/krb/ser_actx.c
+++ b/src/lib/krb5/krb/ser_actx.c
@@ -151,21 +151,21 @@ krb5_auth_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
required += sizeof(krb5_int32);
}
- /* Calculate size required by local_subkey, if appropriate */
- if (!kret && auth_context->local_subkey) {
+ /* Calculate size required by send_subkey, if appropriate */
+ if (!kret && auth_context->send_subkey) {
kret = krb5_size_opaque(kcontext,
KV5M_KEYBLOCK,
- (krb5_pointer) auth_context->local_subkey,
+ (krb5_pointer) auth_context->send_subkey,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
- /* Calculate size required by remote_subkey, if appropriate */
- if (!kret && auth_context->remote_subkey) {
+ /* Calculate size required by recv_subkey, if appropriate */
+ if (!kret && auth_context->recv_subkey) {
kret = krb5_size_opaque(kcontext,
KV5M_KEYBLOCK,
- (krb5_pointer) auth_context->remote_subkey,
+ (krb5_pointer) auth_context->recv_subkey,
&required);
if (!kret)
required += sizeof(krb5_int32);
@@ -300,23 +300,23 @@ krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octe
}
/* Now handle subkey, if appropriate */
- if (!kret && auth_context->local_subkey) {
+ if (!kret && auth_context->send_subkey) {
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
- auth_context->local_subkey,
+ auth_context->send_subkey,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
- if (!kret && auth_context->remote_subkey) {
+ if (!kret && auth_context->recv_subkey) {
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
- auth_context->remote_subkey,
+ auth_context->recv_subkey,
&bp,
&remain);
}
@@ -474,26 +474,26 @@ krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_oc
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
- /* This is the local_subkey */
+ /* This is the send_subkey */
if (!kret && (tag == TOKEN_LSKBLOCK)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer *)
&auth_context->
- local_subkey,
+ send_subkey,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
- /* This is the remote_subkey */
+ /* This is the recv_subkey */
if (!kret) {
if (tag == TOKEN_RSKBLOCK) {
kret = krb5_internalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer *)
&auth_context->
- remote_subkey,
+ recv_subkey,
&bp,
&remain);
}
diff --git a/src/lib/krb5/krb/serialize.c b/src/lib/krb5/krb/serialize.c
index 7c5f17a..9cbcef7 100644
--- a/src/lib/krb5/krb/serialize.c
+++ b/src/lib/krb5/krb/serialize.c
@@ -174,7 +174,7 @@ krb5_internalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer *
}
/*
- * krb5_ser_pack_int32() - Pack a 4-byte integer if space is availble.
+ * krb5_ser_pack_int32() - Pack a 4-byte integer if space is available.
* Update buffer pointer and remaining space.
*/
krb5_error_code KRB5_CALLCONV
@@ -194,6 +194,23 @@ krb5_ser_pack_int32(krb5_int32 iarg, krb5_octet **bufp, size_t *remainp)
}
/*
+ * krb5_ser_pack_int64() - Pack an 8-byte integer if space is available.
+ * Update buffer pointer and remaining space.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int64(krb5_int64 iarg, krb5_octet **bufp, size_t *remainp)
+{
+ if (*remainp >= sizeof(krb5_int64)) {
+ store_64_be(iarg, (unsigned char *)*bufp);
+ *bufp += sizeof(krb5_int64);
+ *remainp -= sizeof(krb5_int64);
+ return(0);
+ }
+ else
+ return(ENOMEM);
+}
+
+/*
* krb5_ser_pack_bytes() - Pack a string of bytes.
*/
krb5_error_code KRB5_CALLCONV
@@ -229,6 +246,22 @@ krb5_ser_unpack_int32(krb5_int32 *intp, krb5_octet **bufp, size_t *remainp)
}
/*
+ * krb5_ser_unpack_int64() - Unpack an 8-byte integer if it's there.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int64(krb5_int64 *intp, krb5_octet **bufp, size_t *remainp)
+{
+ if (*remainp >= sizeof(krb5_int64)) {
+ *intp = load_64_be((unsigned char *)*bufp);
+ *bufp += sizeof(krb5_int64);
+ *remainp -= sizeof(krb5_int64);
+ return(0);
+ }
+ else
+ return(ENOMEM);
+}
+
+/*
* krb5_ser_unpack_bytes() - Unpack a byte string if it's there.
*/
krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c
index aa41bc5..e66d2d3 100644
--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -48,6 +48,9 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
unsigned long uid = geteuid();
#endif
+ if (piece == NULL)
+ return ENOMEM;
+
rcache = (krb5_rcache) malloc(sizeof(*rcache));
if (!rcache)
return ENOMEM;
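Review bot: A NULL `piece` is reported as `ENOMEM`, which tells the caller an allocation failed when the real problem is a missing argument. rd_req.c passes `krb5_princ_component(context,server,0)` here, so NULL presumably means a server principal with no components. An argument error reads more truthfully, e.g. `return EINVAL;` with the comment `/* no first component to build the cache name from */`.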
@@ -58,7 +61,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
len = piece->length + 3 + 1;
for (i = 0; i < piece->length; i++) {
- if (piece->data[i] == '\\')
+ if (piece->data[i] == '-')
len++;
else if (!isvalidrcname((int) piece->data[i]))
len += 3;
@@ -78,14 +81,14 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
strcpy(cachename, "rc_");
p = 3;
for (i = 0; i < piece->length; i++) {
- if (piece->data[i] == '\\') {
- cachename[p++] = '\\';
- cachename[p++] = '\\';
+ if (piece->data[i] == '-') {
+ cachename[p++] = '-';
+ cachename[p++] = '-';
continue;
}
if (!isvalidrcname((int) piece->data[i])) {
sprintf(tmp, "%03o", piece->data[i]);
- cachename[p++] = '\\';
+ cachename[p++] = '-';
cachename[p++] = tmp[0];
cachename[p++] = tmp[1];
cachename[p++] = tmp[2];
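Review bot: `sprintf(tmp, "%03o", piece->data[i])` passes a plain `char`; where `char` is signed, a byte of 0x80 or above is promoted to a negative int and `%o` prints it with far more than three digits. Only `tmp[0]` to `tmp[2]` are copied and the length computed in the previous hunk allows three characters, so the escape would be wrong, and `tmp` (declared outside the hunk) may be too small for the output. The name can originate from the server principal of an incoming request (see the rd_req.c call), so it is worth hardening: `sprintf(tmp, "%03o", (unsigned char) piece->data[i]);`. The loop continues past the end of the hunk.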
diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c
index f0e52dc..6f1a3c9 100644
--- a/src/lib/krb5/krb/unparse.c
+++ b/src/lib/krb5/krb/unparse.c
@@ -149,7 +149,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
*q++ = COMPONENT_SEP;
}
- q--; /* Back up last component separator */
+ if (i > 0)
+ q--; /* Back up last component separator */
*q++ = REALM_SEP;
cp = krb5_princ_realm(context, principal)->data;
diff --git a/src/lib/krb5/krb/v4lifetime.c b/src/lib/krb5/krb/v4lifetime.c
new file mode 100644
index 0000000..94bf5f6
--- /dev/null
+++ b/src/lib/krb5/krb/v4lifetime.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "k5-int.h"
+
+/*
+ * Only lifetime bytes values less than 128 are on a linear scale.
+ * The following table contains an exponential scale that covers the
+ * lifetime values 128 to 191 inclusive (a total of 64 values).
+ * Values greater than 191 get interpreted the same as 191, but they
+ * will never be generated by the functions in this file.
+ *
+ * The ratio is approximately 1.069144898 (actually exactly
+ * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30
+ * days, and 38400 = 128*5 minutes. This allows a lifetime byte of
+ * 191 to correspond to a ticket life of exactly 30 days and a
+ * lifetime byte of 128 to correspond to exactly 128*5 minutes, with
+ * the other values spread on an exponential curve fit in between
+ * them. This table should correspond exactly to the set of extended
+ * ticket lifetime values used by AFS and CMU.
+ *
+ * The following awk script is sufficient to reproduce the table:
+ * BEGIN {
+ * r = exp(log(2592000/38400)/63);
+ * x = 38400;
+ * for (i=0;i<64;i++) {
+ * printf("%d\n",x+0.5);
+ * x *= r;
+ * }
+ * }
+ */
+#ifndef SHORT_LIFETIME
+#define NLIFETIMES 64
+static const krb5_int32 lifetimes[NLIFETIMES] = {
+ 38400, 41055, /* 00:10:40:00, 00:11:24:15 */
+ 43894, 46929, /* 00:12:11:34, 00:13:02:09 */
+ 50174, 53643, /* 00:13:56:14, 00:14:54:03 */
+ 57352, 61318, /* 00:15:55:52, 00:17:01:58 */
+ 65558, 70091, /* 00:18:12:38, 00:19:28:11 */
+ 74937, 80119, /* 00:20:48:57, 00:22:15:19 */
+ 85658, 91581, /* 00:23:47:38, 01:01:26:21 */
+ 97914, 104684, /* 01:03:11:54, 01:05:04:44 */
+ 111922, 119661, /* 01:07:05:22, 01:09:14:21 */
+ 127935, 136781, /* 01:11:32:15, 01:13:59:41 */
+ 146239, 156350, /* 01:16:37:19, 01:19:25:50 */
+ 167161, 178720, /* 01:22:26:01, 02:01:38:40 */
+ 191077, 204289, /* 02:05:04:37, 02:08:44:49 */
+ 218415, 233517, /* 02:12:40:15, 02:16:51:57 */
+ 249664, 266926, /* 02:21:21:04, 03:02:08:46 */
+ 285383, 305116, /* 03:07:16:23, 03:12:45:16 */
+ 326213, 348769, /* 03:18:36:53, 04:00:52:49 */
+ 372885, 398668, /* 04:07:34:45, 04:14:44:28 */
+ 426234, 455705, /* 04:22:23:54, 05:06:35:05 */
+ 487215, 520904, /* 05:15:20:15, 06:00:41:44 */
+ 556921, 595430, /* 06:10:42:01, 06:21:23:50 */
+ 636601, 680618, /* 07:08:50:01, 07:21:03:38 */
+ 727680, 777995, /* 08:10:08:00, 09:00:06:35 */
+ 831789, 889303, /* 09:15:03:09, 10:07:01:43 */
+ 950794, 1016537, /* 11:00:06:34, 11:18:22:17 */
+ 1086825, 1161973, /* 12:13:53:45, 13:10:46:13 */
+ 1242318, 1328218, /* 14:09:05:18, 15:08:56:58 */
+ 1420057, 1518247, /* 16:10:27:37, 17:13:44:07 */
+ 1623226, 1735464, /* 18:18:53:46, 20:02:04:24 */
+ 1855462, 1983758, /* 21:11:24:22, 22:23:02:38 */
+ 2120925, 2267576, /* 24:13:08:45, 26:05:52:56 */
+ 2424367, 2592000 /* 28:01:26:07, 30:00:00:00 */
+};
+#define MINFIXED 0x80
+#define MAXFIXED (MINFIXED + NLIFETIMES - 1)
+#endif /* !SHORT_LIFETIME */
+
+/*
+ * krb_life_to_time
+ *
+ * Given a start date and a lifetime byte, compute the expiration
+ * date.
+ */
+krb5_int32
+krb5int_krb_life_to_time(krb5_int32 start, int life)
+{
+ if (life < 0 || life > 255) /* possibly sign botch in caller */
+ return start;
+#ifndef SHORT_LIFETIME
+ if (life < MINFIXED)
+ return start + life * 5 * 60;
+ if (life > MAXFIXED)
+ return start + lifetimes[NLIFETIMES - 1];
+ return start + lifetimes[life - MINFIXED];
+#else /* SHORT_LIFETIME */
+ return start + life * 5 * 60;
+#endif /* SHORT_LIFETIME */
+}
+
+/*
+ * krb_time_to_life
+ *
+ * Given the start date and the end date, compute the lifetime byte.
+ * Round up, since we can adjust the start date backwards if we are
+ * issuing the ticket to cause it to expire at the correct time.
+ */
+int
+krb5int_krb_time_to_life(krb5_int32 start, krb5_int32 end)
+{
+ krb5_int32 dt;
+#ifndef SHORT_LIFETIME
+ int i;
+#endif
+
+ dt = end - start;
+ if (dt <= 0)
+ return 0;
+#ifndef SHORT_LIFETIME
+ if (dt < lifetimes[0])
+ return (dt + 5 * 60 - 1) / (5 * 60);
+ /* This depends on the array being ordered. */
+ for (i = 0; i < NLIFETIMES; i++) {
+ if (lifetimes[i] >= dt)
+ return i + MINFIXED;
+ }
+ return MAXFIXED;
+#else /* SHORT_LIFETIME */
+ if (dt > 5 * 60 * 255)
+ return 255;
+ else
+ return (dt + 5 * 60 - 1) / (5 * 60);
+#endif /* SHORT_LIFETIME */
+}
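Review bot: The header comment above `lifetimes[]` gives thirty days as `259200`, while the ratio on the preceding line and the last table entry use `2592000`; it should read `and 2592000 = 30 days`, and the parenthesis opened before "actually exactly" is never closed. Separately, `krb5int_krb_life_to_time` adds up to 2592000 to a signed `krb5_int32` start and `krb5int_krb_time_to_life` computes `end - start` with no range check, so extreme timestamps overflow a signed type, which is undefined in C. If these values can come from ticket data rather than the local clock, doing the arithmetic in a wider or unsigned type and clamping the result would avoid that.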