revert 21003

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21004 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-06-08 01:53:10 +00:00
parent 12df8538af
commit 9df9f6a9da
46 changed files with 58 additions and 229 deletions


@@ -132,14 +132,11 @@ check-local::
echo "$$dashes"; \
fi
SUFFIXES += .x .z
SUFFIXES += .x
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
.z.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
NROFF_MAN = groff -mandoc -Tascii


@@ -464,7 +464,6 @@ AC_CONFIG_FILES(Makefile \
lib/roken/Makefile \
lib/sl/Makefile \
lib/vers/Makefile \
lib/wind/Makefile \
kuser/Makefile \
kpasswd/Makefile \
kadmin/Makefile \


@@ -41,10 +41,9 @@ static char *delegation_cred_str;
static char *etype_str;
static int transit_flag = 1;
static int forwardable_flag;
static char *impersonate_str;
static int server_flag;
static int version_flag;
static int help_flag;
static char *impersonate_str;
struct getargs args[] = {
{ "cache", 'c', arg_string, &cache_str,
@@ -60,7 +59,6 @@ struct getargs args[] = {
"encryption type to use", "enctype"},
{ "impersonate", 0, arg_string, &impersonate_str,
"client to impersonate", "principal"},
{ "server", 0, arg_flag, &server_flag },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
@@ -187,9 +185,6 @@ main(int argc, char **argv)
if (ret)
krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
if (server_flag)
server->name.name_type = KRB5_NT_SRV_INST;
ret = krb5_get_creds(context, opt, cache, server, &out);
if (ret)
krb5_err (context, 1, ret, "krb5_get_creds");


@@ -649,26 +649,6 @@ PA-SvrReferralData ::= SEQUENCE {
referred-realm [0] Realm
}
-- Kerberos remote encryption
K5REncEncryptDecryptREQ ::= SEQUENCE {
id [0] krb5int32,
encrypt [1] BOOLEAN,
principal [2] Principal,
kvno [3] krb5int32 OPTIONAL,
etype [4] krb5int32,
usage [5] krb5int32,
ivec [6] OCTET STRING OPTIONAL,
data [7] OCTET STRING
}
K5REncEncryptDecryptREP ::= SEQUENCE {
id [0] krb5int32,
data [1] OCTET STRING,
error-code [2] krb5int32 OPTIONAL
}
END
-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1


@@ -160,7 +160,7 @@ KDCDHKeyInfo-Win2k ::= SEQUENCE {
ReplyKeyPack-Win2k ::= SEQUENCE {
replyKey [0] EncryptionKey,
nonce [1] INTEGER (-2147483648..2147483647),
nonce [1] INTEGER (0..4294967295),
...
}
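Review bot: The `nonce` field of `ReplyKeyPack-Win2k` has no comment explaining its range, and this section swaps between `INTEGER (-2147483648..2147483647)` and `INTEGER (0..4294967295)`, which presumably changes the signedness of the generated C field. The reply nonce is what ties the KDC's reply key to the client's request, so a peer that encodes the value with the other signedness could fail to decode or fail the nonce comparison; which encoding Win2k peers actually send is not visible here. I would add an ASN.1 comment above the field, for example `-- range chosen to match the nonce encoding Win2k peers send; keep in sync with the request nonce type`, and confirm that the comparison site uses the same width and signedness.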


@@ -1,7 +1,3 @@
2007-06-04 Love H<>rnquist <20>strand <lha@it.su.se>
* ntlm/digest.c: Free memory when done.
2007-06-02 Love H<>rnquist <20>strand <lha@it.su.se>
* test_ntlm.c: Test both with and without keyex.


@@ -168,8 +168,7 @@ ntlmsrc = \
ntlm/process_context_token.c \
ntlm/release_cred.c \
ntlm/release_name.c \
ntlm/digest.c \
ntlm/winbind.c
ntlm/digest.c
$(srcdir)/ntlm/ntlm-private.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h


@@ -798,71 +798,6 @@ gss_decapsulate_token(gss_buffer_t /* input_token */,
gss_buffer_t /* output_token */);
/*
* GSS_Unwrap() with support for associated data.
*
* Notes:
*
* token_header_buffer contains the GSS-API token as
* received from the peer
*
* associated_data_buffer contains the complete data
* over which the checksum is to be verified;
*
* input_message_buffer contains the complete data to
* be decrypted if confidentiality was requested;
*
* input_message_buffer value must point into the value
* of associated_data_buffer (hence input_message_buffer
* just specifies a span within associated_data_buffer).
*
* On returning GSS_S_COMPLETE, output_message_buffer
* will contain input_message_buffer after unwrapping and;
*
* associated_data_buffer will have been authenticated
*
*/
OM_uint32
gss_unwrap_ex(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t token_header_buffer,
const gss_buffer_t associated_data_buffer,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state);
/*
* GSS_Wrap() with support for associated data.
*
* Notes:
*
* associated_data_buffer contains the complete data
* over which the checksum is to be verified;
*
* input_message_buffer contains the data to be
* encrypted if conf_req_flag == TRUE.
*
* On returning GSS_S_COMPLETE, output_token_buffer
* will contain the GSS-API tokenheader, and;
*
* output_message_buffer will contain input_message_buffer
* after wrapping (including any padding)
*/
OM_uint32
gss_wrap_ex(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t associated_data_buffer,
const gss_buffer_t input_message_buffer,
int *conf_state,
gss_buffer_t output_token_buffer,
gss_buffer_t output_message_buffer);
#ifdef __cplusplus
}


@@ -77,7 +77,7 @@ ${hxtool} issue-certificate \
--generate-key=rsa \
--subject="CN=User,DC=heimdal,DC=pki" \
--ms-upn="user@heimdal.pki" \
--crl-uri="http://people.su.se/~lha/wcrl.crl" \
--crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
--certificate="FILE:wuser.pem" \
--ca-certificate=FILE:wca.pem || exit 1


@@ -724,41 +724,16 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
/*
get_cred(server)
creds = cc_get_cred(server)
if(creds)
return creds
# XXX check referrals cache
try-realm = ca-paths
if (try-realm == NULL)
try_realm = client.realm;
server-realm = server.realm
tgt = find_cred(krbtgt/{try-realm}@ANY)
while (num-referrals++ < max-num-referrals) {
req-server = server.service@server_realm
creds = get_cred(tgt, req-server)
if (creds == NULL)
break
add-traversed(server_realm)
if (referral?(creds, secure?, &referral)) {
if (referral && check-name(creds, req-server))
return NULL(bad-name)
if (tgt?(creds)) {
if (traversed-before(creds.realm))
return NULL(eloop)
server_realm = creds.realm
tgt = creds
if (referral && referral.true-name)
server = referral.true-name
} else {
return creds
}
} else if (match(server, creds)) {
return creds
} else {
break
}
}
return NULL(enotfound)
if(creds) return creds
tgt = cc_get_cred(krbtgt/server_realm@any_realm)
if(tgt)
return get_cred_tgt(server, tgt)
if(client_realm == server_realm)
return NULL
tgt = get_cred(krbtgt/server_realm@client_realm)
while(tgt_inst != server_realm)
tgt = get_cred(krbtgt/server_realm@tgt_inst)
return get_cred_tgt(server, tgt)
*/
static krb5_error_code
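Review bot: The restored pseudo-code ends in `while(tgt_inst != server_realm) tgt = get_cred(krbtgt/server_realm@tgt_inst)` with no stated bound, whereas the description it replaces spelled out a referral limit (`max-num-referrals`) and a loop check (`traversed-before`, returning `eloop`). If the function stops by some other mechanism when KDCs keep handing back TGTs for realms that never reach `server_realm`, the comment should say so, for example `# loop ends when get_cred fails or tgt_inst == server_realm; see <limit>`. The function body starts after this hunk, so whether such a limit exists in the code cannot be checked from here.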


@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003 - 2007 Kungliga Tekniska H<>gskolan
* Copyright (c) 2003 - 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*


@@ -826,15 +826,14 @@ krb5_rd_req_ctx(krb5_context context,
goto out;
}
ret = krb5_verify_ap_req2(context,
auth_context,
&ap_req,
server,
o->keyblock,
0,
&o->ap_req_options,
&o->ticket,
KRB5_KU_AP_REQ_AUTH);
ret = krb5_verify_ap_req(context,
auth_context,
&ap_req,
server,
o->keyblock,
0,
&o->ap_req_options,
&o->ticket);
if (ret)
goto out;
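Review bot: With the explicit `KRB5_KU_AP_REQ_AUTH` argument gone, the call to `krb5_verify_ap_req` in `krb5_rd_req_ctx` no longer shows which key usage the authenticator is decrypted under, and the bare `0` passed as the sixth argument is unexplained. A short comment above the call would keep that visible, for example `/* flags = 0; authenticator key usage is the krb5_verify_ap_req default (expected: KRB5_KU_AP_REQ_AUTH) */`. The default is not visible in this hunk, so it is worth confirming in `krb5_verify_ap_req` itself that it still selects the AP-REQ usage. The enclosing function starts and ends outside the hunk.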


@@ -36,7 +36,7 @@
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
#include <base64.h>
int


@@ -43,7 +43,7 @@ RCSID("$Id$");
#include <unistd.h>
#endif
#include "roken.h"
#include <roken.h>
int ROKEN_LIB_FUNCTION
closefrom(int fd)


@@ -38,7 +38,7 @@ RCSID("$Id$");
#include <unistd.h>
#include "roken.h"
#include <roken.h>
/*
* Write datablob to a filename, don't care about errors.


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
/*
* Like calloc but never fails.


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
/*
* Like malloc but never fails.


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <unistd.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
/*
* Like read but never fails (and never returns partial data).


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
/*
* Like realloc but never fails.


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
/*
* Like strdup but never fails.


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <unistd.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
/*
* Like write but never fails (and never returns partial data).


@@ -58,7 +58,7 @@ RCSID("$Id$");
#include <termios.h>
#endif
#include "roken.h"
#include <roken.h>
int ROKEN_LIB_FUNCTION
get_window_size(int fd, struct winsize *wp)


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "roken.h"
#include <roken.h>
#include "getarg.h"
#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)


@@ -59,7 +59,7 @@ struct aud_rec;
#ifdef HAVE_USERCONF_H
#include <userconf.h>
#endif
#include "roken.h"
#include <roken.h>
#ifndef _PATH_SHELLS
#define _PATH_SHELLS "/etc/shells"


@@ -37,7 +37,7 @@
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
#include <hex.h>
int


@@ -36,7 +36,7 @@
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
/*
*


@@ -36,7 +36,7 @@
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
int ROKEN_LIB_FUNCTION
inet_pton(int af, const char *src, void *dst)


@@ -40,7 +40,7 @@ RCSID("$Id$");
#include <unistd.h>
#include <errno.h>
#include "roken.h"
#include <roken.h>
/*
* Like read but never return partial data.


@@ -40,7 +40,7 @@ RCSID("$Id$");
#include <unistd.h>
#include <errno.h>
#include "roken.h"
#include <roken.h>
/*
* Like write but never return partial data.


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include "roken.h"
#include <roken.h>
#include "parse_units.h"
/*


@@ -36,7 +36,7 @@
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
#undef roken_gethostbyname
#undef roken_gethostbyaddr


@@ -49,7 +49,7 @@ RCSID("$Id$");
#endif
#include <errno.h>
#include "roken.h"
#include <roken.h>
#define EX_NOEXEC 126
#define EX_NOTFOUND 127


@@ -43,7 +43,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "roken.h"
#include <roken.h>
#include <assert.h>
enum format_flags {


@@ -36,7 +36,7 @@
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
#include <err.h>
/*


@@ -88,7 +88,7 @@
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include "roken.h"
#include <roken.h>
#include "socket_wrapper.h"


@@ -40,7 +40,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "roken.h"
#include <roken.h>
enum { initial = 10, increment = 5 };


@@ -38,7 +38,7 @@ RCSID("$Id$");
#include <string.h>
#include <ctype.h>
#include "roken.h"
#include <roken.h>
#ifndef HAVE_STRLWR
char * ROKEN_LIB_FUNCTION


@@ -38,7 +38,7 @@ RCSID("$Id$");
#include <stdlib.h>
#include <string.h>
#include "roken.h"
#include <roken.h>
#ifndef HAVE_STRNDUP
char * ROKEN_LIB_FUNCTION


@@ -38,7 +38,7 @@ RCSID("$Id$");
#include <stdarg.h>
#include <stdlib.h>
#include "roken.h"
#include <roken.h>
struct rk_strpool {
char *str;


@@ -38,7 +38,7 @@ RCSID("$Id$");
#include <string.h>
#include <ctype.h>
#include "roken.h"
#include <roken.h>
#ifndef HAVE_STRUPR
char * ROKEN_LIB_FUNCTION


@@ -40,7 +40,7 @@
#include <stdio.h>
#include <string.h>
#include <err.h>
#include "roken.h"
#include <roken.h>
#include "test-mem.h"


@@ -34,7 +34,7 @@
#include <config.h>
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
#ifndef _DIAGASSERT
#define _DIAGASSERT(X)
#endif


@@ -67,7 +67,7 @@
#include <config.h>
RCSID("$Id$");
#endif
#include "roken.h"
#include <roken.h>
#ifndef _DIAGASSERT
#define _DIAGASSERT(X)
#endif


@@ -39,7 +39,7 @@ RCSID("$Id$");
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include "roken.h"
#include <roken.h>
#include "roken.h"
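Review bot: After this change the file includes roken.h twice in a row, once as `#include <roken.h>` and once as `#include "roken.h"` (the unchanged line that follows). The two forms use different search orders, so on a build host with an installed copy of the header they are not guaranteed to resolve to the same file; the include guard hides the duplication but not a mismatch. I would drop the second line and keep a single `#include <roken.h>`, matching the other files in this commit.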


@@ -43,12 +43,8 @@ testfailed="echo test failed; cat messages.log; exit 1"
# If there is no useful db support compile in, disable test
../db/have-db || exit 77
exit 77
R=TEST.H5L.SE
R2=SUB.TEST.H5L.SE
service=ldap/host.sub.test.h5l.se
R2=TEST2.H5L.SE
port=@port@
@@ -63,6 +59,7 @@ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG
@@ -87,8 +84,6 @@ ${kadmin} \
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
${kadmin} add -p foo --use-defaults ${service}@${R2} || exit 1
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
@@ -112,14 +107,6 @@ trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
ec=0
echo "Getting client (no canon)"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
{ ec=1 ; eval "${testfailed}"; }
echo "checking that we go back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Getting client alias1 tickets"; > messages.log
${kinit} --canonicalize \
--password-file=${objdir}/foopassword alias1@${R}@${R} || \
@@ -154,32 +141,6 @@ echo "Remove alias"
${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }
echo "Getting client for ${service}@${R} (kdc referral)"
> messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} --server ${service}@${R} ||
{ ec=1 ; eval "${testfailed}"; }
${klist}
echo "checking that we go back right principal"
${klist} | grep "${service}@${R2}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Getting client for ${service}@${R2} (client side guessing)"
> messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} --server ${service}@${R2} ||
{ ec=1 ; eval "${testfailed}"; }
${klist}
echo "checking that we go back right principal"
${klist} | grep "${service}@${R2}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "killing kdc (${kdcpid})"
kill $kdcpid || exit 1


@@ -11,17 +11,10 @@
TEST.H5L.SE = {
kdc = localhost:@port@
}
SUB.TEST.H5L.SE = {
kdc = localhost:@port@
}
TEST2.H5L.SE = {
kdc = localhost:@port@
}
[domain_realms]
.sub.test.h5l.se = SUB.TEST.H5L.SE
[kdc]
enable-digest = true
digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2