Merge remote branch 'h-github/master' into win32-port2
* h-github/master: (64 commits) refix socket wrappers with rk_ Patch from Secure Endpoints/Asanka Herath for windows support unset KRB5CCNAME its really just LIBADD more most of them correct quoting Use -lpthread for modern freebsd instead clean KRB5CCNAME and KRB5_CONFIG, require test to reset them more up ${env_setup} use PTHREADS_LIBADD for freebsd6 and newer add PTHREAD_LIBADD add PTHREAD_LIBADD add PTHREAD_LIBADD switch to PTHREADS_LIBADD log what the error string say too More debug logging sprinkle more 'echo "test failed"' sprinkle 'echo "test failed"' use calloc(), indent more prettier in sh, equal compare is really = for strings, not == Check for duplicates, already loaded mechs ... Conflicts (resolved): lib/krb5/auth_context.c lib/krb5/changepw.c lib/krb5/context.c lib/krb5/error_string.c lib/krb5/kuserok.c lib/krb5/libkrb5-exports.def.in lib/krb5/net_write.c lib/krb5/store_fd.c lib/krb5/test_cc.c lib/roken/strerror_r.c
@@ -13,43 +13,48 @@ case "$host" in
|
||||
native_pthread_support=yes
|
||||
if test "$GCC" = yes; then
|
||||
PTHREADS_CFLAGS=-pthreads
|
||||
PTHREADS_LIBS=-pthreads
|
||||
PTHREAD_LIBADD=-pthreads
|
||||
else
|
||||
PTHREADS_CFLAGS=-mt
|
||||
PTHREADS_LIBS=-mt
|
||||
PTHREAD_LDADD=-mt
|
||||
PTHREAD_LIBADD=-mt
|
||||
fi
|
||||
;;
|
||||
*-*-netbsd[12]*)
|
||||
*-*-netbsd[[12]]*)
|
||||
native_pthread_support="if running netbsd 1.6T or newer"
|
||||
dnl heim_threads.h knows this
|
||||
PTHREADS_LIBS="-lpthread"
|
||||
PTHREAD_LIBADD="-lpthread"
|
||||
;;
|
||||
*-*-netbsd[3456789]*)
|
||||
*-*-netbsd[[3456789]]*)
|
||||
native_pthread_support="netbsd 3 uses explict pthread"
|
||||
dnl heim_threads.h knows this
|
||||
PTHREADS_LIBS="-lpthread"
|
||||
PTHREAD_LIBADD="-lpthread"
|
||||
;;
|
||||
*-*-freebsd5*)
|
||||
*-*-freebsd[[56]]*)
|
||||
native_pthread_support=yes
|
||||
;;
|
||||
*-*-freebsd[[789]]*)
|
||||
native_pthread_support=yes
|
||||
PTHREADS_LIBADD="-lpthread"
|
||||
;;
|
||||
*-*-openbsd*)
|
||||
native_pthread_support=yes
|
||||
PTHREADS_CFLAGS=-pthread
|
||||
PTHREADS_LIBS=-pthread
|
||||
PTHREAD_LIBADD=-pthread
|
||||
;;
|
||||
*-*-linux* | *-*-linux-gnu)
|
||||
case `uname -r` in
|
||||
2.*)
|
||||
native_pthread_support=yes
|
||||
PTHREADS_CFLAGS=-pthread
|
||||
PTHREADS_LIBS=-pthread
|
||||
PTHREAD_LIBADD=-pthread
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*-*-kfreebsd*-gnu*)
|
||||
native_pthread_support=yes
|
||||
PTHREADS_CFLAGS=-pthread
|
||||
PTHREADS_LIBS=-pthread
|
||||
PTHREAD_LIBADD=-pthread
|
||||
;;
|
||||
*-*-aix*)
|
||||
dnl AIX is disabled since we don't handle the utmp/utmpx
|
||||
@@ -58,7 +63,7 @@ case "$host" in
|
||||
;;
|
||||
mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too
|
||||
native_pthread_support=yes
|
||||
PTHREADS_LIBS="-lpthread"
|
||||
PTHREAD_LIBADD="-lpthread"
|
||||
;;
|
||||
*-*-darwin*)
|
||||
native_pthread_support=yes
|
||||
@@ -77,14 +82,16 @@ if test "$enable_pthread_support" != no; then
|
||||
[Define if you want have a thread safe libraries])
|
||||
dnl This sucks, but libtool doesn't save the depenecy on -pthread
|
||||
dnl for libraries.
|
||||
LIBS="$PTHREADS_LIBS $LIBS"
|
||||
LIBS="$PTHREAD_LIBADD $LIBS"
|
||||
else
|
||||
PTHREADS_CFLAGS=""
|
||||
PTHREADS_LIBS=""
|
||||
PTHREAD_LIBADD=""
|
||||
PTHREADS_LIBADD=""
|
||||
fi
|
||||
|
||||
AC_SUBST(PTHREADS_CFLAGS)
|
||||
AC_SUBST(PTHREADS_LIBS)
|
||||
AC_SUBST(PTHREAD_LDADD)
|
||||
AC_SUBST(PTHREADS_LIBADD)
|
||||
|
||||
AC_MSG_RESULT($enable_pthread_support)
|
||||
])
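Review bot: The pthread link variable is spelled three ways in this macro (`PTHREAD_LIBADD`, `PTHREADS_LIBADD`, `PTHREAD_LDADD`), and the only `AC_SUBST` calls visible are for `PTHREAD_LDADD` and `PTHREADS_LIBADD`. Most host cases assign `PTHREAD_LIBADD`, the `freebsd[[789]]` case assigns `PTHREADS_LIBADD`, and `LIBS` is built from `$PTHREAD_LIBADD`, so as far as these lines show FreeBSD 7-9 would not get `-lpthread` in `LIBS` and a Makefile reference to `$(PTHREAD_LIBADD)` would expand to nothing. The old/new markers are lost on this page, so some of these lines may be the removed side. If they are all current, settle on one name, for example `PTHREAD_LIBADD="-lpthread"` in the FreeBSD case and `AC_SUBST(PTHREAD_LIBADD)`, and drop the other spellings.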
|
||||
|
@@ -311,7 +311,6 @@ case "$host_os" in
|
||||
AC_BROKEN([daemon]) ;;
|
||||
esac
|
||||
|
||||
|
||||
AC_BROKEN([ \
|
||||
chown \
|
||||
copyhostent \
|
||||
@@ -357,7 +356,6 @@ AC_BROKEN([ \
|
||||
strcasecmp \
|
||||
strdup \
|
||||
strerror \
|
||||
strerror_r \
|
||||
strftime \
|
||||
strlcat \
|
||||
strlcpy \
|
||||
@@ -502,6 +500,19 @@ AC_REQUIRE([rk_BROKEN_REALLOC])dnl
|
||||
|
||||
dnl AC_KRB_FUNC_GETCWD_BROKEN
|
||||
|
||||
dnl strerror_r is great fun, on linux it exists before sus catched up,
|
||||
dnl so the return type is diffrent, lets check for both
|
||||
|
||||
AC_PROTO_COMPAT([
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
],
|
||||
strerror_r, int strerror_r(int, char *, size_t))
|
||||
|
||||
AC_CHECK_FUNC([strerror_r],
|
||||
[AC_DEFINE_UNQUOTED(HAVE_STRERROR_R, 1,
|
||||
[Define if you have the function strerror_r.])])
|
||||
|
||||
dnl
|
||||
dnl Checks for prototypes and declarations
|
||||
dnl
|
||||
|
@@ -7,7 +7,7 @@ AC_CONFIG_SRCDIR([kuser/kinit.c])
|
||||
AC_CONFIG_HEADERS(include/config.h)
|
||||
AC_CONFIG_MACRO_DIR([cf])
|
||||
|
||||
AM_INIT_AUTOMAKE([foreign 1.10])
|
||||
AM_INIT_AUTOMAKE([foreign 1.10.3])
|
||||
AM_MAINTAINER_MODE
|
||||
|
||||
dnl Checks for programs.
|
||||
@@ -628,8 +628,11 @@ dnl This is the release version name-number[beta]
|
||||
dnl
|
||||
|
||||
cat > include/newversion.h.in <<EOF
|
||||
const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
|
||||
const char *heimdal_version = "AC_PACKAGE_STRING";
|
||||
#ifndef VERSION_HIDDEN
|
||||
#define VERSION_HIDDEN
|
||||
#endif
|
||||
VERSION_HIDDEN const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
|
||||
VERSION_HIDDEN const char *heimdal_version = "AC_PACKAGE_STRING";
|
||||
EOF
|
||||
|
||||
if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
|
||||
|
@@ -55,6 +55,7 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
|
||||
@item Frank van der Linden
|
||||
@item Guido Günther
|
||||
@item Jason McIntyre
|
||||
@item Jan Rekorajski
|
||||
@item Johan Gadsjö
|
||||
@item Johan Ihrén
|
||||
@item John Center
|
||||
@@ -81,6 +82,7 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
|
||||
@item Roman Divacky
|
||||
@item Sho Hosoda, 細田 将
|
||||
@item Stefan Metzmacher
|
||||
@item Ted Percival
|
||||
@item Victor Guerra
|
||||
@item Zeqing Xia
|
||||
@item Åke Sandgren
|
||||
|
@@ -61,7 +61,6 @@ check_PROGRAMS = $(TESTS)
|
||||
|
||||
LDADD_common = \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_hcrypto) \
|
||||
$(top_builddir)/lib/asn1/libasn1.la \
|
||||
|
@@ -31,7 +31,6 @@ $(kcm_OBJECTS): $(srcdir)/kcm-protos.h
|
||||
man_MANS = kcm.8
|
||||
|
||||
LDADD = $(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_krb4) \
|
||||
$(LIB_hcrypto) \
|
||||
|
@@ -70,7 +70,6 @@ $(srcdir)/kdc-private.h:
|
||||
|
||||
hprop_LDADD = \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_kdb) $(LIB_krb4) \
|
||||
$(LIB_hcrypto) \
|
||||
@@ -80,7 +79,6 @@ hprop_LDADD = \
|
||||
|
||||
hpropd_LDADD = \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_kdb) $(LIB_krb4) \
|
||||
$(LIB_hcrypto) \
|
||||
@@ -95,7 +93,6 @@ endif
|
||||
libkdc_la_LIBADD = \
|
||||
$(LIB_pkinit) \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_kdb) $(LIB_krb4) \
|
||||
$(top_builddir)/lib/ntlm/libheimntlm.la \
|
||||
@@ -105,7 +102,6 @@ libkdc_la_LIBADD = \
|
||||
$(DBLIB)
|
||||
|
||||
LDADD = $(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_krb4) \
|
||||
$(LIB_hcrypto) \
|
||||
|
@@ -19,7 +19,6 @@ kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
|
||||
kpasswdd_LDADD = \
|
||||
$(top_builddir)/lib/kadm5/libkadm5srv.la \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(LDADD) \
|
||||
$(LIB_pidfile) \
|
||||
$(LIB_dlopen) \
|
||||
|
@@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
|
||||
int32_t seq_number;
|
||||
int is_cfx = 0;
|
||||
|
||||
krb5_auth_getremoteseqnumber (context,
|
||||
ctx->auth_context,
|
||||
&seq_number);
|
||||
krb5_auth_con_getremoteseqnumber (context,
|
||||
ctx->auth_context,
|
||||
&seq_number);
|
||||
|
||||
_gsskrb5i_is_cfx(context, ctx, 1);
|
||||
is_cfx = (ctx->more_flags & IS_CFX);
|
||||
@@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = krb5_auth_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&r_seq_number);
|
||||
kret = krb5_auth_con_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&r_seq_number);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
@@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
|
||||
{
|
||||
int32_t tmp_r_seq_number, tmp_l_seq_number;
|
||||
|
||||
kret = krb5_auth_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&tmp_r_seq_number);
|
||||
kret = krb5_auth_con_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&tmp_r_seq_number);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
|
@@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
|
||||
|
||||
if (desired_name != GSS_C_NO_NAME) {
|
||||
|
||||
ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
|
||||
ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
|
||||
desired_name, &handle->principal);
|
||||
if (ret) {
|
||||
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
|
||||
|
@@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
|
||||
krb5_cc_close(context, ctx->ccache);
|
||||
ctx->ccache = NULL;
|
||||
|
||||
krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
|
||||
krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
|
||||
|
||||
_gsskrb5i_is_cfx(context, ctx, 0);
|
||||
is_cfx = (ctx->more_flags & IS_CFX);
|
||||
@@ -782,7 +782,7 @@ repl_mutual
|
||||
* for the gss_wrap calls.
|
||||
*/
|
||||
|
||||
krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
|
||||
krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
|
||||
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
|
||||
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
|
||||
|
||||
|
@@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
|
||||
if (ret) goto out;
|
||||
ret = krb5_store_uint32(sp, (uint32_t)number);
|
||||
if (ret) goto out;
|
||||
krb5_auth_getremoteseqnumber (context,
|
||||
context_handle->auth_context,
|
||||
&number);
|
||||
krb5_auth_con_getremoteseqnumber (context,
|
||||
context_handle->auth_context,
|
||||
&number);
|
||||
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
|
||||
if (ret) goto out;
|
||||
ret = krb5_store_uint32(sp, (uint32_t)number);
|
||||
|
@@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
|
||||
if (mech == NULL)
|
||||
return 0;
|
||||
|
||||
m = malloc(sizeof(*m));
|
||||
m = calloc(1, sizeof(*m));
|
||||
if (m == NULL)
|
||||
return 1;
|
||||
return ENOMEM;
|
||||
m->gm_so = NULL;
|
||||
m->gm_mech = *mech;
|
||||
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
|
||||
@@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
|
||||
|
||||
/* pick up the oid sets of names */
|
||||
|
||||
if (m->gm_mech.gm_inquire_names_for_mech) {
|
||||
if (m->gm_mech.gm_inquire_names_for_mech)
|
||||
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
|
||||
&m->gm_mech.gm_mech_oid, &m->gm_name_types);
|
||||
} else {
|
||||
|
||||
if (m->gm_name_types == NULL)
|
||||
gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
|
||||
}
|
||||
|
||||
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
|
||||
return 0;
|
||||
@@ -211,6 +211,8 @@ _gss_load_mech(void)
|
||||
char *name, *oid, *lib, *kobj;
|
||||
struct _gss_mech_switch *m;
|
||||
void *so;
|
||||
gss_OID_desc mech_oid;
|
||||
int found;
|
||||
|
||||
|
||||
HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
|
||||
@@ -253,6 +255,23 @@ _gss_load_mech(void)
|
||||
if (!name || !oid || !lib || !kobj)
|
||||
continue;
|
||||
|
||||
if (_gss_string_to_oid(oid, &mech_oid))
|
||||
continue;
|
||||
|
||||
/*
|
||||
* Check for duplicates, already loaded mechs.
|
||||
*/
|
||||
found = 0;
|
||||
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
|
||||
if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
|
||||
found = 1;
|
||||
free(mech_oid.elements);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (found)
|
||||
continue;
|
||||
|
||||
#ifndef RTLD_LOCAL
|
||||
#define RTLD_LOCAL 0
|
||||
#endif
|
||||
@@ -260,17 +279,17 @@ _gss_load_mech(void)
|
||||
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
|
||||
if (!so) {
|
||||
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
|
||||
free(mech_oid.elements);
|
||||
continue;
|
||||
}
|
||||
|
||||
m = malloc(sizeof(*m));
|
||||
if (!m)
|
||||
if (!m) {
|
||||
free(mech_oid.elements);
|
||||
break;
|
||||
m->gm_so = so;
|
||||
if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
|
||||
free(m);
|
||||
continue;
|
||||
}
|
||||
m->gm_so = so;
|
||||
m->gm_mech.gm_mech_oid = mech_oid;
|
||||
m->gm_mech.gm_flags = 0;
|
||||
|
||||
major_status = gss_add_oid_set_member(&minor_status,
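Review bot: In `_gss_load_mech`, the `if (!m)` path after `malloc` frees `mech_oid.elements` but leaves the handle returned by `dlopen` open, so the module stays mapped with nothing referring to it; add `dlclose(so);` before the `break`. The same function still allocates with `malloc`, while `add_builtin` was moved to `calloc` and now tests `m->gm_name_types == NULL`. Using `m = calloc(1, sizeof(*m));` here as well would keep the two paths consistent and rule out reads of uninitialised fields in the new entry. Both functions continue outside the visible hunks.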
|
||||
|
@@ -43,6 +43,7 @@
|
||||
static char *type_string;
|
||||
static char *mech_string;
|
||||
static char *ret_mech_string;
|
||||
static char *client_name;
|
||||
static int dns_canon_flag = -1;
|
||||
static int mutual_auth_flag = 0;
|
||||
static int dce_style_flag = 0;
|
||||
@@ -58,10 +59,14 @@ static char *session_enctype_string = NULL;
|
||||
static int client_time_offset = 0;
|
||||
static int server_time_offset = 0;
|
||||
static int max_loops = 0;
|
||||
static char *limit_enctype_string = NULL;
|
||||
static int version_flag = 0;
|
||||
static int verbose_flag = 0;
|
||||
static int help_flag = 0;
|
||||
|
||||
static krb5_context context;
|
||||
static krb5_enctype limit_enctype = 0;
|
||||
|
||||
static struct {
|
||||
const char *name;
|
||||
gss_OID *oid;
|
||||
@@ -452,6 +457,8 @@ static struct getargs args[] = {
|
||||
{"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag,
|
||||
"use dns to canonicalize", NULL },
|
||||
{"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL },
|
||||
{"client-name", 0, arg_string, &client_name, "client name", NULL },
|
||||
{"limit-enctype",0, arg_string, &limit_enctype_string, "enctype", NULL },
|
||||
{"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL },
|
||||
{"wrapunwrap",0, arg_flag, &wrapunwrap_flag, "wrap/unwrap", NULL },
|
||||
{"iov", 0, arg_flag, &iov_flag, "wrap/unwrap iov", NULL },
|
||||
@@ -488,10 +495,13 @@ main(int argc, char **argv)
|
||||
gss_ctx_id_t cctx, sctx;
|
||||
void *ctx;
|
||||
gss_OID nameoid, mechoid, actual_mech, actual_mech2;
|
||||
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
|
||||
gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL;
|
||||
|
||||
setprogname(argv[0]);
|
||||
|
||||
if (krb5_init_context(&context))
|
||||
errx(1, "krb5_init_context");
|
||||
|
||||
cctx = sctx = GSS_C_NO_CONTEXT;
|
||||
|
||||
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
|
||||
@@ -531,7 +541,47 @@ main(int argc, char **argv)
|
||||
if (gsskrb5_acceptor_identity)
|
||||
gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity);
|
||||
|
||||
loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL,
|
||||
if (client_name) {
|
||||
gss_buffer_desc cn;
|
||||
gss_name_t cname;
|
||||
cn.value = client_name;
|
||||
cn.length = strlen(client_name);
|
||||
maj_stat = gss_import_name(&min_stat, &cn, GSS_C_NT_USER_NAME, &cname);
|
||||
if (maj_stat)
|
||||
errx(1, "gss_import_name: %s",
|
||||
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
|
||||
|
||||
maj_stat = gss_acquire_cred(&min_stat, cname, 0, NULL,
|
||||
GSS_C_INITIATE, &client_cred, NULL, NULL);
|
||||
if (GSS_ERROR(maj_stat))
|
||||
errx(1, "gss_import_name: %s",
|
||||
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
|
||||
gss_release_name(&min_stat, &cname);
|
||||
}
|
||||
|
||||
if (limit_enctype_string) {
|
||||
krb5_error_code ret;
|
||||
|
||||
ret = krb5_string_to_enctype(context,
|
||||
limit_enctype_string,
|
||||
&limit_enctype);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_string_to_enctype");
|
||||
}
|
||||
|
||||
|
||||
if (limit_enctype) {
|
||||
if (client_cred == NULL)
|
||||
errx(1, "client_cred missing");
|
||||
|
||||
maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, client_cred,
|
||||
1, &limit_enctype);
|
||||
if (maj_stat)
|
||||
errx(1, "gss_krb5_set_allowable_enctypes: %s",
|
||||
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
|
||||
}
|
||||
|
||||
loop(mechoid, nameoid, argv[0], client_cred,
|
||||
&sctx, &cctx, &actual_mech, &deleg_cred);
|
||||
|
||||
if (verbose_flag)
|
||||
@@ -549,7 +599,6 @@ main(int argc, char **argv)
|
||||
|
||||
/* XXX should be actual_mech */
|
||||
if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
|
||||
krb5_context context;
|
||||
time_t time;
|
||||
gss_buffer_desc authz_data;
|
||||
gss_buffer_desc in, out1, out2;
|
||||
@@ -557,10 +606,6 @@ main(int argc, char **argv)
|
||||
krb5_timestamp now;
|
||||
krb5_error_code ret;
|
||||
|
||||
ret = krb5_init_context(&context);
|
||||
if (ret)
|
||||
errx(1, "krb5_init_context");
|
||||
|
||||
ret = krb5_timeofday(context, &now);
|
||||
if (ret)
|
||||
errx(1, "krb5_timeofday failed");
|
||||
@@ -624,6 +669,8 @@ main(int argc, char **argv)
|
||||
|
||||
if (maj_stat != GSS_S_COMPLETE)
|
||||
keyblock = NULL;
|
||||
else if (limit_enctype && keyblock->keytype != limit_enctype)
|
||||
errx(1, "gsskrb5_get_subkey wrong enctype");
|
||||
|
||||
maj_stat = gsskrb5_get_subkey(&min_stat,
|
||||
cctx,
|
||||
@@ -635,6 +682,8 @@ main(int argc, char **argv)
|
||||
|
||||
if (maj_stat != GSS_S_COMPLETE)
|
||||
keyblock2 = NULL;
|
||||
else if (limit_enctype && keyblock->keytype != limit_enctype)
|
||||
errx(1, "gsskrb5_get_subkey wrong enctype");
|
||||
|
||||
if (keyblock || keyblock2) {
|
||||
if (keyblock == NULL)
|
||||
@@ -679,8 +728,12 @@ main(int argc, char **argv)
|
||||
errx(1, "gsskrb5_get_initiator_subkey failed: %s",
|
||||
gssapi_err(maj_stat, min_stat, actual_mech));
|
||||
|
||||
if (maj_stat == GSS_S_COMPLETE)
|
||||
if (maj_stat == GSS_S_COMPLETE) {
|
||||
|
||||
if (limit_enctype && keyblock->keytype != limit_enctype)
|
||||
errx(1, "gsskrb5_get_initiator_subkey wrong enctype");
|
||||
krb5_free_keyblock(context, keyblock);
|
||||
}
|
||||
|
||||
maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
|
||||
sctx,
|
||||
@@ -689,8 +742,6 @@ main(int argc, char **argv)
|
||||
if (maj_stat == GSS_S_COMPLETE)
|
||||
gss_release_buffer(&min_stat, &authz_data);
|
||||
|
||||
krb5_free_context(context);
|
||||
|
||||
|
||||
memset(&out1, 0, sizeof(out1));
|
||||
memset(&out2, 0, sizeof(out2));
|
||||
@@ -866,8 +917,9 @@ main(int argc, char **argv)
|
||||
|
||||
}
|
||||
|
||||
|
||||
empty_release();
|
||||
|
||||
krb5_free_context(context);
|
||||
|
||||
return 0;
|
||||
}
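Review bot: The second added enctype check, after the `gsskrb5_get_subkey` call on `cctx`, tests `keyblock->keytype` although its failure branch assigns `keyblock2`, so it looks like a copy of the first check. `keyblock` can be NULL at that point if the first call failed, and the key returned by the second call is never compared; it should presumably read `else if (limit_enctype && keyblock2->keytype != limit_enctype)`. The output argument of that second call lies outside the visible lines, so confirm it is `keyblock2`. Separately, the `errx` after `gss_acquire_cred` in the `client_name` block still prints `"gss_import_name: %s"`; `"gss_acquire_cred: %s"` would name the call that failed.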
|
||||
|
@@ -47,11 +47,13 @@ if OPENLDAP_MODULE
|
||||
|
||||
ldap_so = hdb_ldap.la
|
||||
hdb_ldap_la_SOURCES = hdb-ldap.c
|
||||
hdb_ldap_la_LDFLAGS = -module
|
||||
hdb_ldap_la_LDFLAGS = -module -avoid-version
|
||||
hdb_ldap_la_LIBADD = $(LIB_openldap) libhdb.la
|
||||
|
||||
else
|
||||
|
||||
ldap = hdb-ldap.c
|
||||
ldap_lib = $(LIB_openldap)
|
||||
|
||||
endif
|
||||
|
||||
@@ -95,7 +97,7 @@ libhdb_la_LIBADD = \
|
||||
../asn1/libasn1.la \
|
||||
$(LIB_sqlite3) \
|
||||
$(LIBADD_roken) \
|
||||
$(LIB_openldap) \
|
||||
$(ldap_lib) \
|
||||
$(LIB_dlopen) \
|
||||
$(DBLIB) \
|
||||
$(LIB_NDBM)
|
||||
|
@@ -1,5 +1,3 @@
|
||||
# $Id: Makefile.am,v 1.1 2004/12/20 08:31:45 assar Exp $
|
||||
|
||||
include $(top_srcdir)/Makefile.am.common
|
||||
|
||||
noinst_LTLIBRARIES = libheim-ipcc.la libheim-ipcs.la
|
||||
@@ -9,19 +7,22 @@ libheim_ipcs_la_SOURCES = server.c common.c
|
||||
|
||||
include_HEADERS = heim-ipc.h
|
||||
|
||||
libheim_ipcc_la_LDFLAGS = -version-info 0:0:0
|
||||
libheim_ipcs_la_LDFLAGS = -version-info 0:0:0
|
||||
##
|
||||
## Enable when this is not a noinst_ library
|
||||
##
|
||||
#libheim_ipcc_la_LDFLAGS = -version-info 0:0:0
|
||||
#libheim_ipcs_la_LDFLAGS = -version-info 0:0:0
|
||||
#
|
||||
#if versionscript
|
||||
#libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map
|
||||
#libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map
|
||||
#endif
|
||||
|
||||
libheim_ipcc_la_LIBADD = \
|
||||
$(LIB_roken)
|
||||
|
||||
libheim_ipcs_la_LIBADD = $(libheim_ipcc_la_LIBADD)
|
||||
|
||||
if versionscript
|
||||
libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map
|
||||
libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map
|
||||
endif
|
||||
|
||||
TESTS = $(check_PROGRAMS)
|
||||
|
||||
noinst_PROGRAMS = tc ts
|
||||
|
@@ -74,7 +74,7 @@ test_service(void *ctx, const heim_idata *req,
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
heim_sipc unix;
|
||||
heim_sipc u;
|
||||
int optidx = 0;
|
||||
|
||||
setprogname(argv[0]);
|
||||
@@ -98,7 +98,7 @@ main(int argc, char **argv)
|
||||
}
|
||||
#endif
|
||||
heim_sipc_service_unix("org.h5l.test-ipc",
|
||||
test_service, NULL, &unix);
|
||||
test_service, NULL, &u);
|
||||
heim_ipc_main();
|
||||
|
||||
return 0;
|
||||
|
@@ -32,7 +32,9 @@ default_keys_SOURCES = default_keys.c
|
||||
kadm5includedir = $(includedir)/kadm5
|
||||
buildkadm5include = $(buildinclude)/kadm5
|
||||
|
||||
dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
|
||||
dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h
|
||||
dist_kadm5include_HEADERS += kadm5-protos.h kadm5-private.h
|
||||
|
||||
nodist_kadm5include_HEADERS = kadm5_err.h
|
||||
|
||||
install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
|
||||
@@ -69,7 +71,6 @@ dist_libkadm5clnt_la_SOURCES = \
|
||||
randkey_c.c \
|
||||
rename_c.c \
|
||||
send_recv.c \
|
||||
kadm5-pwcheck.h \
|
||||
admin.h
|
||||
|
||||
nodist_libkadm5clnt_la_SOURCES = \
|
||||
@@ -106,7 +107,6 @@ dist_libkadm5srv_la_SOURCES = \
|
||||
server_glue.c \
|
||||
set_keys.c \
|
||||
set_modifier.c \
|
||||
kadm5-pwcheck.h \
|
||||
admin.h
|
||||
|
||||
nodist_libkadm5srv_la_SOURCES = \
|
||||
@@ -125,7 +125,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
|
||||
LDADD = \
|
||||
libkadm5srv.la \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(top_builddir)/lib/asn1/libasn1.la \
|
||||
$(LIB_hcrypto) \
|
||||
@@ -137,7 +136,6 @@ LDADD = \
|
||||
iprop_log_LDADD = \
|
||||
libkadm5srv.la \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(top_builddir)/lib/asn1/libasn1.la \
|
||||
$(LIB_hcrypto) \
|
||||
|
@@ -67,6 +67,7 @@ libkrb5_la_LIBADD = \
|
||||
../wind/libwind.la \
|
||||
$(LIB_libintl) \
|
||||
$(LIBADD_roken) \
|
||||
$(PTHREAD_LIBADD) \
|
||||
$(LIB_door_create) \
|
||||
$(LIB_dlopen)
|
||||
|
||||
@@ -187,7 +188,7 @@ dist_libkrb5_la_SOURCES = \
|
||||
nodist_libkrb5_la_SOURCES = \
|
||||
$(ERR_FILES)
|
||||
|
||||
libkrb5_la_LDFLAGS = -version-info 25:0:0
|
||||
libkrb5_la_LDFLAGS = -version-info 26:0:0
|
||||
|
||||
if versionscript
|
||||
libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
|
||||
|
@@ -257,7 +257,7 @@ krb5_acl_match_file(krb5_context context,
|
||||
f = fopen(file, "r");
|
||||
if(f == NULL) {
|
||||
int save_errno = errno;
|
||||
strerror_r(save_errno, buf, sizeof(buf));
|
||||
rk_strerror_r(save_errno, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, save_errno,
|
||||
N_("open(%s): %s", "file, errno"),
|
||||
file, buf);
|
||||
|
@@ -173,7 +173,7 @@ krb5_auth_con_genaddrs(krb5_context context,
|
||||
if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
|
||||
char buf[128];
|
||||
ret = rk_SOCK_ERRNO;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "getsockname: %s", buf);
|
||||
goto out;
|
||||
}
|
||||
@@ -191,7 +191,7 @@ krb5_auth_con_genaddrs(krb5_context context,
|
||||
if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
|
||||
char buf[128];
|
||||
ret = rk_SOCK_ERRNO;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "getpeername: %s", buf);
|
||||
goto out;
|
||||
}
|
||||
|
@@ -603,7 +603,7 @@ change_password_loop (krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef NO_LIMIT_FD_SETSIZE
|
||||
#ifndef NO_LIMIT_FD_SETSIZE
|
||||
if (sock >= FD_SETSIZE) {
|
||||
ret = ERANGE;
|
||||
krb5_set_error_message(context, ret,
|
||||
|
@@ -531,11 +531,23 @@ krb5_free_context(krb5_context context)
|
||||
krb5_set_ignore_addresses(context, NULL);
|
||||
krb5_set_send_to_kdc_func(context, NULL, NULL);
|
||||
|
||||
#ifdef PKINIT
|
||||
hx509_context_free(&context->hx509ctx);
|
||||
#endif
|
||||
|
||||
HEIMDAL_MUTEX_destroy(context->mutex);
|
||||
free(context->mutex);
|
||||
<<<<<<< HEAD
|
||||
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
|
||||
rk_SOCK_EXIT();
|
||||
}
|
||||
=======
|
||||
#ifdef NEED_SOCK_INIT
|
||||
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
|
||||
SOCK_EXIT;
|
||||
}
|
||||
#endif
|
||||
>>>>>>> h-github/master
|
||||
|
||||
memset(context, 0, sizeof(*context));
|
||||
free(context);
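Review bot: Conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> h-github/master`) appear among the lines of `krb5_free_context`, although the commit message lists lib/krb5/context.c as a resolved conflict. With the markers in place the file does not compile, and if only the markers were stripped the socket teardown could run twice on builds that define `NEED_SOCK_INIT`. Keep one side only; on this branch that is presumably the `rk_SOCK_EXIT();` form, given the message's "refix socket wrappers with rk_", so the block would read `if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { rk_SOCK_EXIT(); }`. The function starts and ends outside the hunk.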
|
||||
|
@@ -99,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
|
||||
break;
|
||||
default: {
|
||||
char buf[128];
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("error locking cache file %s: %s",
|
||||
"file, error"), filename, buf);
|
||||
@@ -133,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
|
||||
break;
|
||||
default: {
|
||||
char buf[128];
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("Failed to unlock file: %s", ""), buf);
|
||||
break;
|
||||
@@ -397,7 +397,7 @@ fcc_open(krb5_context context,
|
||||
if(fd < 0) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
|
||||
filename, buf);
|
||||
return ret;
|
||||
@@ -461,7 +461,7 @@ fcc_initialize(krb5_context context,
|
||||
if (ret == 0) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
|
||||
FILENAME(id), buf);
|
||||
}
|
||||
@@ -516,7 +516,7 @@ fcc_store_cred(krb5_context context,
|
||||
if (close(fd) < 0) {
|
||||
if (ret == 0) {
|
||||
char buf[128];
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
ret = errno;
|
||||
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
|
||||
FILENAME(id), buf);
|
||||
@@ -930,7 +930,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
|
||||
if (ret && errno != EXDEV) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("Rename of file from %s "
|
||||
"to %s failed: %s", ""),
|
||||
@@ -997,7 +997,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
|
||||
close(fd);
|
||||
}
|
||||
|
||||
fcc_destroy(context, from);
|
||||
fcc_close(context, from);
|
||||
|
||||
return ret;
|
||||
}
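Review bot: In the `close(fd) < 0` branch of `fcc_store_cred`, `rk_strerror_r(ret, buf, sizeof(buf));` runs before `ret = errno;` and inside `if (ret == 0)`, so the text placed in `buf` describes error 0 rather than the close failure. Swap the two statements, as the matching branch in `fcc_initialize` already does: `ret = errno;` followed by `rk_strerror_r(ret, buf, sizeof(buf));`. The function body continues outside the hunk.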
|
||||
|
@@ -1541,6 +1541,7 @@ krb5_init_creds_set_keytab(krb5_context context,
|
||||
/* remove old list of etype */
|
||||
if (etypes)
|
||||
free(etypes);
|
||||
etypes = NULL;
|
||||
netypes = 0;
|
||||
kvno = entry.vno;
|
||||
} else if (entry.vno != kvno)
|
||||
|
@@ -78,7 +78,7 @@ kcm_send_request(krb5_context context,
|
||||
ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
|
||||
HEIMDAL_MUTEX_unlock(&kcm_mutex);
|
||||
if (ret)
|
||||
return ret;
|
||||
return KRB5_CC_NOSUPP;
|
||||
|
||||
ret = krb5_storage_to_data(request, &request_data);
|
||||
if (ret) {
|
||||
|
@@ -221,6 +221,9 @@ match_local_principals(krb5_context context,
|
||||
* ignored. Subdirectories are not traversed. Note that this directory
|
||||
* may not be checked by other Kerberos implementations.
|
||||
*
|
||||
* If no configuration file exists, match user against local domains,
|
||||
* ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES.
|
||||
*
|
||||
* @param context Kerberos 5 context.
|
||||
* @param principal principal to check if allowed to login
|
||||
* @param luser local user id
|
||||
@@ -293,10 +296,9 @@ krb5_kuserok (krb5_context context,
|
||||
|
||||
return FALSE;
|
||||
#else
|
||||
/* On Windows, for now we always return TRUE. The .k5login file
|
||||
may be on a remote profile and we don't have access to the
|
||||
profile until we have a token handle for the user's
|
||||
credentials. */
|
||||
return TRUE;
|
||||
/* The .k5login file may be on a remote profile and we don't have
|
||||
access to the profile until we have a token handle for the
|
||||
user's credentials. */
|
||||
return match_local_principals(context, principal, luser);
|
||||
#endif
|
||||
}
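Review bot: The comment above `return match_local_principals(context, principal, luser);` explains why `.k5login` cannot be read, but not what the branch does instead, and that is the part an administrator needs for access decisions. Judging by print order the earlier `return TRUE;` is the removed side, though the markers are lost on this page. I would extend the comment with something like `/* .k5login is not consulted on this platform; access is granted only if the principal is luser@<a configured local realm>. */`. The doc comment's new sentence "If no configuration file exists" could likewise say "no .k5login file", if that is what is meant.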
|
||||
|
@@ -57,6 +57,7 @@ EXPORTS
|
||||
krb5_auth_con_setuserkey
|
||||
krb5_auth_getremoteseqnumber
|
||||
krb5_build_ap_req
|
||||
krb5_build_authenticator
|
||||
krb5_build_principal
|
||||
krb5_build_principal_ext
|
||||
krb5_build_principal_va
|
||||
@@ -137,11 +138,13 @@ EXPORTS
|
||||
krb5_compare_creds
|
||||
krb5_config_file_free
|
||||
krb5_config_free_strings
|
||||
krb5_config_get
|
||||
krb5_config_get_bool
|
||||
krb5_config_get_bool_default
|
||||
krb5_config_get_int
|
||||
krb5_config_get_int_default
|
||||
krb5_config_get_list
|
||||
krb5_config_get_next
|
||||
krb5_config_get_string
|
||||
krb5_config_get_string_default
|
||||
krb5_config_get_strings
|
||||
@@ -150,11 +153,13 @@ EXPORTS
|
||||
krb5_config_parse_file
|
||||
krb5_config_parse_file_multi
|
||||
krb5_config_parse_string_multi
|
||||
krb5_config_vget
|
||||
krb5_config_vget_bool
|
||||
krb5_config_vget_bool_default
|
||||
krb5_config_vget_int
|
||||
krb5_config_vget_int_default
|
||||
krb5_config_vget_list
|
||||
krb5_config_vget_next
|
||||
krb5_config_vget_string
|
||||
krb5_config_vget_string_default
|
||||
krb5_config_vget_strings
|
||||
@@ -675,11 +680,12 @@ EXPORTS
|
||||
krb5_write_priv_message
|
||||
krb5_write_safe_message
|
||||
krb5_xfree
|
||||
krb5_cccol_last_change_time
|
||||
krb5_cccol_cursor_new
|
||||
krb5_cccol_cursor_next
|
||||
krb5_cccol_cursor_free
|
||||
|
||||
; com_err error tables
|
||||
; com_err error tables
|
||||
initialize_krb5_error_table_r
|
||||
initialize_krb5_error_table
|
||||
initialize_krb_error_table_r
|
||||
@@ -689,7 +695,7 @@ EXPORTS
|
||||
initialize_k524_error_table_r
|
||||
initialize_k524_error_table
|
||||
|
||||
; variables
|
||||
; variables
|
||||
krb5_mcc_ops DATA
|
||||
krb5_acc_ops DATA
|
||||
krb5_fcc_ops DATA
|
||||
@@ -699,7 +705,9 @@ EXPORTS
|
||||
#ifdef HAVE_KCM
|
||||
krb5_kcm_ops DATA
|
||||
#endif
|
||||
; krb4_fkt_ops DATA
|
||||
#ifdef HAVE_KRB4
|
||||
krb4_fkt_ops DATA
|
||||
#endif
|
||||
krb5_wrfkt_ops DATA
|
||||
krb5_mkt_ops DATA
|
||||
krb5_akf_ops DATA
|
||||
@@ -714,13 +722,13 @@ EXPORTS
|
||||
krb5_cc_type_kcm DATA
|
||||
krb5_cc_type_scc DATA
|
||||
|
||||
; Shared with GSSAPI krb5
|
||||
; Shared with GSSAPI krb5
|
||||
_krb5_crc_init_table
|
||||
_krb5_crc_update
|
||||
_krb5_get_krbtgt
|
||||
_krb5_build_authenticator
|
||||
|
||||
; V4 compat glue
|
||||
; V4 compat glue
|
||||
_krb5_krb_tf_setup
|
||||
_krb5_krb_dest_tkt
|
||||
_krb5_krb_life_to_time
|
||||
@@ -734,7 +742,7 @@ EXPORTS
|
||||
_krb5_krb_time_to_life
|
||||
_krb5_krb_cr_err_reply
|
||||
|
||||
; Shared with libkdc
|
||||
; Shared with libkdc
|
||||
_krb5_AES_string_to_default_iterator
|
||||
_krb5_dh_group_ok
|
||||
_krb5_get_host_realm_int
|
||||
@@ -753,12 +761,13 @@ EXPORTS
|
||||
_krb5_principalname2krb5_principal
|
||||
_krb5_put_int
|
||||
_krb5_s4u2self_to_checksumdata
|
||||
_krb5_expand_path_tokens
|
||||
|
||||
; kinit helper
|
||||
; kinit helper
|
||||
_krb5_get_init_creds_opt_set_pkinit_user_certs
|
||||
_krb5_pk_enterprise_cert
|
||||
|
||||
; testing
|
||||
; testing
|
||||
; _krb5_aes_cts_encrypt
|
||||
_krb5_n_fold
|
||||
_krb5_expand_default_cc_name
|
||||
|
@@ -43,7 +43,6 @@ krb5_net_write (krb5_context context,
|
||||
return net_write(fd, buf, len);
|
||||
}
|
||||
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
|
||||
krb5_net_write_block(krb5_context context,
|
||||
void *p_fd,
|
||||
|
@@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context,
|
||||
if(f == NULL) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
|
||||
return ret;
|
||||
}
|
||||
@@ -161,7 +161,7 @@ krb5_rc_destroy(krb5_context context,
|
||||
if(remove(id->name) < 0) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
|
||||
return ret;
|
||||
}
|
||||
@@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context,
|
||||
if(f == NULL) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
|
||||
return ret;
|
||||
}
|
||||
@@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context,
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
fclose(f);
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "%s: %s",
|
||||
id->name, buf);
|
||||
return ret;
|
||||
@@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context,
|
||||
f = fopen(id->name, "a");
|
||||
if(f == NULL) {
|
||||
char buf[128];
|
||||
strerror_r(errno, buf, sizeof(buf));
|
||||
rk_strerror_r(errno, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
|
||||
"open(%s): %s", id->name, buf);
|
||||
return KRB5_RC_IO_UNKNOWN;
|
||||
|
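Review bot: The return value of `rk_strerror_r` is discarded at every call site in this file (krb5_rc_initialize, krb5_rc_destroy and the three in krb5_rc_store), and `buf` is an uninitialised `char buf[128]` that is then handed to `krb5_set_error_message` through `%s`. If the call fails, or resolves to a system `strerror_r` that returns its own pointer without writing to the caller's buffer, the message is formatted from uninitialised stack bytes. I would either check the result or declare the buffer as `char buf[128] = "";` so the worst case is an empty error string. The enclosing functions start and end outside these hunks.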
@@ -142,9 +142,9 @@ send_and_recv_tcp(krb5_socket_t fd,
|
||||
krb5_data len_data;
|
||||
|
||||
_krb5_put_int(len, req->length, 4);
|
||||
if(net_write(fd, len, sizeof(len)) < 0)
|
||||
if(net_write (fd, len, sizeof(len)) < 0)
|
||||
return -1;
|
||||
if(net_write(fd, req->data, req->length) < 0)
|
||||
if(net_write (fd, req->data, req->length) < 0)
|
||||
return -1;
|
||||
if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
|
||||
return -1;
|
||||
|
@@ -91,7 +91,7 @@ krb5_storage_from_fd(krb5_socket_t fd_in)
|
||||
krb5_storage *sp;
|
||||
int fd;
|
||||
|
||||
#ifdef _WIN32
|
||||
#ifdef SOCKET_IS_NOT_AN_FD
|
||||
#ifdef _MSC_VER
|
||||
if (_get_osfhandle(fd_in) != -1) {
|
||||
fd = dup(fd_in);
|
||||
@@ -101,7 +101,7 @@ krb5_storage_from_fd(krb5_socket_t fd_in)
|
||||
#else
|
||||
#error Dont know how to deal with fd that may or may not be a socket.
|
||||
#endif
|
||||
#else
|
||||
#else /* SOCKET_IS_NOT_AN_FD */
|
||||
fd = dup(fd_in);
|
||||
#endif
|
||||
|
||||
|
@@ -77,12 +77,12 @@ test_default_name(krb5_context context)
|
||||
krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
|
||||
p3 = estrdup(p);
|
||||
|
||||
#ifndef KRB5_USE_PATH_TOKENS
|
||||
#ifndef KRB5_USE_PATH_TOKENS
|
||||
/* If we are using path tokens, we don't expect the p3 and
|
||||
test_cc_name to match since p3 is going to have expanded
|
||||
tokens. */
|
||||
if (strcmp(p3, test_cc_name) != 0)
|
||||
krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
|
||||
krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
|
||||
#endif
|
||||
|
||||
free(p1);
|
||||
|
@@ -39,6 +39,7 @@ HEIMDAL_KRB5_2.0 {
|
||||
krb5_auth_con_getlocalseqnumber;
|
||||
krb5_auth_con_getlocalsubkey;
|
||||
krb5_auth_con_getrcache;
|
||||
krb5_auth_con_getremoteseqnumber;
|
||||
krb5_auth_con_getremotesubkey;
|
||||
krb5_auth_con_init;
|
||||
krb5_auth_con_removeflags;
|
||||
@@ -117,7 +118,7 @@ HEIMDAL_KRB5_2.0 {
|
||||
krb5_cc_set_kdc_offset;
|
||||
krb5_cc_start_seq_get;
|
||||
krb5_cc_store_cred;
|
||||
krb5_cc_support_switch
|
||||
krb5_cc_support_switch;
|
||||
krb5_cc_switch;
|
||||
krb5_cc_set_friendly_name;
|
||||
krb5_change_password;
|
||||
|
@@ -35,7 +35,5 @@
|
||||
|
||||
/* this is just to get a version stamp in the library file */
|
||||
|
||||
#define heimdal_version __heimdal_version
|
||||
#define heimdal_long_version __heimdal_long_version
|
||||
#include "version.h"
|
||||
|
||||
|
@@ -46,21 +46,45 @@ struct ntlm_buf {
|
||||
};
|
||||
|
||||
#define NTLM_NEG_UNICODE 0x00000001
|
||||
#define NTLM_NEG_OEM 0x00000002
|
||||
#define NTLM_NEG_TARGET 0x00000004
|
||||
#define NTLM_MBZ9 0x00000008
|
||||
|
||||
#define NTLM_NEG_SIGN 0x00000010
|
||||
#define NTLM_NEG_SEAL 0x00000020
|
||||
#define NTLM_NEG_DATAGRAM 0x00000040
|
||||
#define NTLM_NEG_LM_KEY 0x00000080
|
||||
|
||||
#define NTLM_MBZ8 0x00000100
|
||||
#define NTLM_NEG_NTLM 0x00000200
|
||||
#define NTLM_NEG_NT_ONLY 0x00000400
|
||||
#define NTLM_MBZ7 0x00000800 /* anon ? */
|
||||
|
||||
#define NTLM_SUPPLIED_DOMAIN 0x00001000
|
||||
#define NTLM_SUPPLIED_WORKSTAION 0x00002000
|
||||
|
||||
#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000
|
||||
#define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000
|
||||
#define NTLM_MBZ6 0x00004000 /* local call ? */
|
||||
#define NTLM_NEG_ALWAYS_SIGN 0x00008000
|
||||
#define NTLM_NEG_NTLM2_SESSION 0x00080000
|
||||
|
||||
#define NTLM_TARGET_DOMAIN 0x00010000
|
||||
#define NTLM_TARGET_SERVER 0x00020000
|
||||
#define NTLM_TARGET_SHARE 0x00040000
|
||||
#define NTLM_NEG_NTLM2_SESSION 0x00080000
|
||||
#define NTLM_NEG_NTLM2 0x00080000
|
||||
|
||||
#define NTLM_NEG_IDENTIFY 0x00100000
|
||||
#define NTLM_MBZ5 0x00200000
|
||||
#define NTLM_NON_NT_SESSION_KEY 0x00400000
|
||||
#define NTLM_NEG_TARGET_INFO 0x00800000
|
||||
|
||||
#define NTLM_MBZ4 0x01000000
|
||||
#define NTLM_NEG_VERSION 0x02000000
|
||||
#define NTLM_MBZ3 0x04000000
|
||||
#define NTLM_MBZ2 0x08000000
|
||||
|
||||
#define NTLM_MBZ1 0x10000000
|
||||
#define NTLM_ENC_128 0x20000000
|
||||
#define NTLM_NEG_KEYEX 0x40000000
|
||||
#define NTLM_NEGOTIATE_56 0x80000000
|
||||
|
||||
/**
|
||||
* Struct for the NTLM target info, the strings is assumed to be in
|
||||
|
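Review bot: The flags `NTLM_OEM_SUPPLIED_DOMAIN` and `NTLM_OEM_SUPPLIED_WORKSTAION` appear to replace `NTLM_SUPPLIED_DOMAIN` and `NTLM_SUPPLIED_WORKSTAION` in what looks like a public header, so code outside this tree that uses the old names would stop compiling, and the new name keeps the `WORKSTAION` misspelling. Since the macro is being renamed anyway, I would spell it `NTLM_OEM_SUPPLIED_WORKSTATION` and keep the old names as aliases, for example `#define NTLM_SUPPLIED_DOMAIN NTLM_OEM_SUPPLIED_DOMAIN`. The same names are used by heim_ntlm_decode_type1 and heim_ntlm_encode_type1 in the next file section. `NTLM_NEG_NTLM2_SESSION` and `NTLM_NEG_NTLM2` are both 0x00080000; a one-line comment saying the second is an alias of the first would keep a reader from treating them as distinct bits.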
@@ -422,9 +422,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
|
||||
CHECK(krb5_ret_uint32(in, &type), 0);
|
||||
CHECK(type, 1);
|
||||
CHECK(krb5_ret_uint32(in, &data->flags), 0);
|
||||
if (data->flags & NTLM_SUPPLIED_DOMAIN)
|
||||
if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
|
||||
CHECK(ret_sec_buffer(in, &domain), 0);
|
||||
if (data->flags & NTLM_SUPPLIED_WORKSTAION)
|
||||
if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION)
|
||||
CHECK(ret_sec_buffer(in, &hostname), 0);
|
||||
#if 0
|
||||
if (domain.offset > 32) {
|
||||
@@ -432,9 +432,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
|
||||
CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
|
||||
}
|
||||
#endif
|
||||
if (data->flags & NTLM_SUPPLIED_DOMAIN)
|
||||
if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
|
||||
CHECK(ret_string(in, 0, &domain, &data->domain), 0);
|
||||
if (data->flags & NTLM_SUPPLIED_WORKSTAION)
|
||||
if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION)
|
||||
CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
|
||||
|
||||
out:
|
||||
@@ -472,11 +472,11 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
|
||||
|
||||
if (type1->domain) {
|
||||
base += 8;
|
||||
flags |= NTLM_SUPPLIED_DOMAIN;
|
||||
flags |= NTLM_OEM_SUPPLIED_DOMAIN;
|
||||
}
|
||||
if (type1->hostname) {
|
||||
base += 8;
|
||||
flags |= NTLM_SUPPLIED_WORKSTAION;
|
||||
flags |= NTLM_OEM_SUPPLIED_WORKSTAION;
|
||||
}
|
||||
if (type1->os[0])
|
||||
base += 8;
|
||||
|
@@ -40,6 +40,10 @@ if do_roken_rename
|
||||
ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c strlcpy.c strlcat.c
|
||||
endif
|
||||
|
||||
if versionscript
|
||||
libotp_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
|
||||
endif
|
||||
|
||||
$(libotp_la_OBJECTS): $(ndbm_wrap)
|
||||
|
||||
ndbm_wrap.c:
|
||||
|
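--- a/lib/otp/version-script.map
+++ b/lib/otp/version-script.map
@@ -0,0 +1,25 @@
+HEIMDAL_OTP_1.0 {
+global:
+otp_challenge;
+otp_checksum;
+otp_db_close;
+otp_db_open;
+otp_delete;
+otp_error;
+otp_find_alg;
+otp_get;
+otp_parse;
+otp_parse_altdict;
+otp_parse_hex;
+otp_parse_stddict;
+otp_print_hex;
+otp_print_hex_extended;
+otp_print_stddict;
+otp_print_stddict_extended;
+otp_put;
+otp_simple_get;
+otp_verify_user;
+otp_verify_user_1;
+local:
+*;
+};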
@@ -100,6 +100,7 @@ libroken_la_SOURCES = \
|
||||
snprintf.c \
|
||||
socket.c \
|
||||
strcollect.c \
|
||||
strerror_r.c \
|
||||
strpool.c \
|
||||
timeval.c \
|
||||
tm2time.c \
|
||||
|
@@ -1010,12 +1010,11 @@ getifaddrs2(struct ifaddrs **ifap,
|
||||
#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
|
||||
static int
|
||||
getlifaddrs2(struct ifaddrs **ifap,
|
||||
int siocgifconf, int siocgifflags,
|
||||
int af, int siocgifconf, int siocgifflags,
|
||||
size_t ifreq_sz)
|
||||
{
|
||||
int ret;
|
||||
int fd_inet6;
|
||||
int fd_inet;
|
||||
int fd;
|
||||
size_t buf_size;
|
||||
char *buf;
|
||||
struct lifconf ifconf;
|
||||
@@ -1028,16 +1027,10 @@ getlifaddrs2(struct ifaddrs **ifap,
|
||||
buf = NULL;
|
||||
|
||||
memset (&sa_zero, 0, sizeof(sa_zero));
|
||||
fd_inet6 = socket(AF_INET6, SOCK_DGRAM, 0);
|
||||
if (fd_inet6 < 0)
|
||||
fd = socket(af, SOCK_DGRAM, 0);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
|
||||
fd_inet = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
if (fd_inet < 0) {
|
||||
close(fd_inet6);
|
||||
return -1;
|
||||
}
|
||||
|
||||
buf_size = 8192;
|
||||
for (;;) {
|
||||
buf = calloc(1, buf_size);
|
||||
@@ -1046,7 +1039,7 @@ getlifaddrs2(struct ifaddrs **ifap,
|
||||
goto error_out;
|
||||
}
|
||||
#ifndef __hpux
|
||||
ifconf.lifc_family = AF_UNSPEC;
|
||||
ifconf.lifc_family = af;
|
||||
ifconf.lifc_flags = 0;
|
||||
#endif
|
||||
ifconf.lifc_len = buf_size;
|
||||
@@ -1055,7 +1048,7 @@ getlifaddrs2(struct ifaddrs **ifap,
|
||||
/*
|
||||
* Solaris returns EINVAL when the buffer is too small.
|
||||
*/
|
||||
if (ioctl (fd_inet, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
|
||||
if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
|
||||
ret = errno;
|
||||
goto error_out;
|
||||
}
|
||||
@@ -1093,11 +1086,9 @@ getlifaddrs2(struct ifaddrs **ifap,
|
||||
memset (&ifreq, 0, sizeof(ifreq));
|
||||
memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name));
|
||||
|
||||
if (ioctl(fd_inet6, siocgifflags, &ifreq) < 0) {
|
||||
if (ioctl(fd_inet, siocgifflags, &ifreq) < 0) {
|
||||
ret = errno;
|
||||
goto error_out;
|
||||
}
|
||||
if (ioctl(fd, siocgifflags, &ifreq) < 0) {
|
||||
ret = errno;
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
*end = malloc(sizeof(**end));
|
||||
@@ -1151,20 +1142,39 @@ getlifaddrs2(struct ifaddrs **ifap,
|
||||
|
||||
}
|
||||
*ifap = start;
|
||||
close(fd_inet6);
|
||||
close(fd_inet);
|
||||
close(fd);
|
||||
free(buf);
|
||||
return 0;
|
||||
error_out:
|
||||
rk_freeifaddrs(start);
|
||||
close(fd_inet6);
|
||||
close(fd_inet);
|
||||
close(fd);
|
||||
free(buf);
|
||||
errno = ret;
|
||||
return -1;
|
||||
}
|
||||
#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */
|
||||
|
||||
/**
|
||||
* Join two struct ifaddrs lists by appending supp to base.
|
||||
* Either may be NULL. The new list head (usually base) will be
|
||||
* returned.
|
||||
*/
|
||||
static struct ifaddrs *
|
||||
append_ifaddrs(struct ifaddrs *base, struct ifaddrs *supp) {
|
||||
if (!base)
|
||||
return supp;
|
||||
|
||||
if (!supp)
|
||||
return base;
|
||||
|
||||
while (base->ifa_next)
|
||||
base = base->ifa_next;
|
||||
|
||||
base->ifa_next = supp;
|
||||
|
||||
return base;
|
||||
}
|
||||
|
||||
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
|
||||
rk_getifaddrs(struct ifaddrs **ifap)
|
||||
{
|
||||
@@ -1176,9 +1186,43 @@ rk_getifaddrs(struct ifaddrs **ifap)
|
||||
sizeof(struct in6_ifreq));
|
||||
#endif
|
||||
#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
|
||||
if (ret)
|
||||
ret = getlifaddrs2 (ifap, SIOCGLIFCONF, SIOCGLIFFLAGS,
|
||||
/* Do IPv6 and IPv4 queries separately then join the result.
|
||||
*
|
||||
* HP-UX only returns IPv6 addresses using SIOCGLIFCONF,
|
||||
* SIOCGIFCONF has to be used for IPv4 addresses. The result is then
|
||||
* merged.
|
||||
*
|
||||
* Solaris needs particular care, because a SIOCGLIFCONF lookup using
|
||||
* AF_UNSPEC can fail in a Zone requiring an AF_INET lookup, so we just
|
||||
* do them separately the same as for HP-UX. See
|
||||
* http://repo.or.cz/w/heimdal.git/commitdiff/76afc31e9ba2f37e64c70adc006ade9e37e9ef73
|
||||
*/
|
||||
if (ret) {
|
||||
int v6err, v4err;
|
||||
struct ifaddrs *v6addrs, *v4addrs;
|
||||
|
||||
v6err = getlifaddrs2 (&v6addrs, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS,
|
||||
sizeof(struct lifreq));
|
||||
v4err = getifaddrs2 (&v4addrs, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
|
||||
sizeof(struct ifreq));
|
||||
if (v6err)
|
||||
v6addrs = NULL;
|
||||
if (v4err)
|
||||
v4addrs = NULL;
|
||||
|
||||
if (v6addrs) {
|
||||
if (v4addrs)
|
||||
*ifap = append_ifaddrs(v6addrs, v4addrs);
|
||||
else
|
||||
*ifap = v6addrs;
|
||||
} else if (v4addrs) {
|
||||
*ifap = v4addrs;
|
||||
} else {
|
||||
*ifap = NULL;
|
||||
}
|
||||
|
||||
ret = (v6err || v4err) ? -1 : 0;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
|
||||
if (ret)
|
||||
@@ -1193,8 +1237,6 @@ rk_getifaddrs(struct ifaddrs **ifap)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* !AF_NETLINK */
|
||||
|
||||
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
|
||||
rk_freeifaddrs(struct ifaddrs *ifp)
|
||||
{
|
||||
@@ -1216,6 +1258,8 @@ rk_freeifaddrs(struct ifaddrs *ifp)
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* !AF_NETLINK */
|
||||
|
||||
#ifdef TEST
|
||||
|
||||
void
|
||||
|
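Review bot: In the new block in rk_getifaddrs, `ret = (v6err || v4err) ? -1 : 0;` reports failure when only one of the two lookups failed, although `*ifap` has already been pointed at the list from the lookup that succeeded. The `if (ret)` fallback after the `#endif` then looks set to assign `*ifap` again (its body is outside the hunk), and a caller that gets -1 has no reason to free anything, so that list would be leaked. Either treat a partial result as success with `ret = (v6err && v4err) ? -1 : 0;`, or release the partial list and set `*ifap = NULL` before reporting failure. A sentence in the block comment stating which of the two is intended would settle it for the next reader.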
@@ -467,12 +467,12 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void);
|
||||
ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int);
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_STRERROR) && !defined(strerror)
|
||||
#define strerror_r rk_strerror_r
|
||||
int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t);
|
||||
#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE)
|
||||
int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t);
|
||||
#else
|
||||
#define rk_strerror_r strerror_r
|
||||
#endif
|
||||
|
||||
|
||||
#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
|
||||
#ifndef HAVE_HSTRERROR
|
||||
#define hstrerror rk_hstrerror
|
||||
|
@@ -33,32 +33,48 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#if !defined(HAVE_STRERROR_R) && !defined(STRERROR_R_PROTO_COMPATIBLE)
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
|
||||
#ifdef _MSC_VER
|
||||
|
||||
char * ROKEN_LIB_FUNCTION
|
||||
strerror_r(int eno, char * strerrbuf, size_t buflen)
|
||||
int ROKEN_LIB_FUNCTION
|
||||
rk_strerror_r(int eno, char * strerrbuf, size_t buflen)
|
||||
{
|
||||
errno_t err;
|
||||
|
||||
err = strerror_s(strerrbuf, buflen, eno);
|
||||
if (err != 0)
|
||||
sprintf_s(strerrbuf, buflen, "Error % occurred.", eno);
|
||||
if (err != 0) {
|
||||
int code;
|
||||
code = sprintf_s(strerrbuf, buflen, "Error % occurred.", eno);
|
||||
err = ((code != 0)? errno : 0);
|
||||
}
|
||||
|
||||
return strerrbuf;
|
||||
return err;
|
||||
}
|
||||
|
||||
#else
|
||||
#else /* _MSC_VER */
|
||||
|
||||
#ifndef HAVE_STRERROR_R
|
||||
extern int sys_nerr;
|
||||
extern char *sys_errlist[];
|
||||
#endif
|
||||
|
||||
char* ROKEN_LIB_FUNCTION
|
||||
strerror_r(int eno, char *strerrbuf, size_t buflen)
|
||||
int ROKEN_LIB_FUNCTION
|
||||
rk_strerror_r(int eno, char *strerrbuf, size_t buflen)
|
||||
{
|
||||
/* Assume is the linux broken strerror_r (returns the a buffer (char *) if the input buffer wasn't use */
|
||||
#ifdef HAVE_STRERROR_R
|
||||
const char *str;
|
||||
str = strerror_r(eno, strerrbuf, buflen);
|
||||
if (str != strerrbuf)
|
||||
if (strlcpy(strerrbuf, str, buflen) >= buflen)
|
||||
return ERANGE;
|
||||
return 0;
|
||||
#else
|
||||
int ret;
|
||||
if(eno < 0 || eno >= sys_nerr) {
|
||||
snprintf(strerrbuf, buflen, "Error %d occurred.", eno);
|
||||
@@ -68,6 +84,9 @@ strerror_r(int eno, char *strerrbuf, size_t buflen)
|
||||
if (ret > buflen)
|
||||
return ERANGE;
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* !_MSC_VER */
|
||||
|
||||
#endif
|
||||
|
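Review bot: The `_MSC_VER` fallback in rk_strerror_r has two defects on its new lines. The format string `"Error % occurred."` has no usable conversion for `eno`: `% o` is read as a space-flagged octal conversion, so the text comes out as an octal number followed by `ccurred.`, and it should be `"Error %d occurred."` as in the non-MSVC branch. The line `err = ((code != 0)? errno : 0);` reports success as failure, because `sprintf_s` returns the number of characters written and -1 on error, so the test should be `code < 0`. Separately, the `#ifdef HAVE_STRERROR_R` branch in the non-MSVC body sits inside the outer `#if !defined(HAVE_STRERROR_R) && ...`, so as shown it can never be compiled.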
@@ -7,3 +7,5 @@ lib_LTLIBRARIES = libheimsqlite.la
|
||||
noinst_HEADERS = sqlite3.h sqlite3ext.h
|
||||
|
||||
libheimsqlite_la_SOURCES = sqlite3.c
|
||||
|
||||
libheimsqlite_la_LIBADD = $(PTHREADS_LIBADD)
|
||||
|
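Review bot: `libheimsqlite_la_LIBADD = $(PTHREADS_LIBADD)` spells the variable differently from the rest of this commit, which substitutes `@PTHREAD_LIBADD@` in the sed `subst` rule and in the krb5-config `lib_flags` line. Unless configure defines both spellings, one of them expands to nothing and the thread library is silently dropped from that link line. I would settle on one name, for example `libheimsqlite_la_LIBADD = $(PTHREAD_LIBADD)`, and add a short comment on why the sqlite library needs it.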
@@ -366,12 +366,14 @@ SQLITE_PRIVATE void sqlite3Coverage(int);
|
||||
** Older versions of SQLite used an optional THREADSAFE macro.
|
||||
** We support that for legacy
|
||||
*/
|
||||
#if !defined(SQLITE_THREADSAFE)
|
||||
#if defined(THREADSAFE)
|
||||
# define SQLITE_THREADSAFE THREADSAFE
|
||||
#ifdef ENABLE_PTHREAD_SUPPORT
|
||||
#define SQLITE_THREADSAFE 1
|
||||
#else
|
||||
# define SQLITE_THREADSAFE 1
|
||||
#define SQLITE_THREADSAFE 0
|
||||
#endif
|
||||
|
||||
#if !defined(SQLITE_THREADSAFE)
|
||||
# define SQLITE_THREADSAFE 1
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@@ -34,6 +34,8 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#define VERSION_HIDDEN static
|
||||
|
||||
#include "roken.h"
|
||||
|
||||
#include "version.h"
|
||||
|
@@ -1,5 +1,8 @@
|
||||
#!/bin/sh
|
||||
|
||||
unset KRB5_CONFIG
|
||||
unset KRB5CCNAME
|
||||
|
||||
top_builddir="@top_builddir@"
|
||||
top_srcdir="@top_srcdir@"
|
||||
EGREP="@EGREP@"
|
||||
|
@@ -123,115 +123,116 @@ fi
|
||||
|
||||
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
|
||||
|
||||
exitcode=0
|
||||
testfailed="echo test failed; cat messages.log; exit 1"
|
||||
|
||||
echo "Getting client initial tickets"
|
||||
${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || exitcode=1
|
||||
echo "Getting client initial tickets" ; > messages.log
|
||||
${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "======test unreadable/non existant keytab and its error message"
|
||||
echo "======test unreadable/non existant keytab and its error message" ; > messages.log
|
||||
${context} --mech-type=krb5 host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
mv ${keytabfile} ${keytabfile}.no
|
||||
|
||||
echo "checking non existant keytabfile (krb5)"
|
||||
echo "checking non existant keytabfile (krb5)" ; > messages.log
|
||||
${context} --mech-type=krb5 host@lucid.test.h5l.se > test_context.log 2>&1 && \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
grep ${keytabfile} test_context.log > /dev/null || \
|
||||
{ exitcode=1 ; echo "string missing failed"; }
|
||||
echo "checking non existant keytabfile (spengo)"
|
||||
{ echo "string missing failed"; cat test_context.log ; eval "$testfailed"; }
|
||||
echo "checking non existant keytabfile (spengo)" ; > messages.log
|
||||
${context} --mech-type=spnego host@lucid.test.h5l.se > test_context.log 2>&1 && \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
grep ${keytabfile} test_context.log > /dev/null || \
|
||||
{ exitcode=1 ; echo "string missing failed"; }
|
||||
{ echo "string missing failed"; cat test_context.log ; eval "$testfailed"; }
|
||||
|
||||
mv ${keytabfile}.no ${keytabfile}
|
||||
|
||||
echo "======test naming combinations"
|
||||
echo "plain"
|
||||
echo "plain" ; > messages.log
|
||||
${context} --name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
echo "plain (krb5)"
|
||||
{ eval "$testfailed"; }
|
||||
echo "plain (krb5)" ; > messages.log
|
||||
${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
echo "plain (krb5 realmless)"
|
||||
{ eval "$testfailed"; }
|
||||
echo "plain (krb5 realmless)" ; > messages.log
|
||||
${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
echo "dns canon on (long name) OFF, need dns_wrapper"
|
||||
{ eval "$testfailed"; }
|
||||
echo "dns canon on (long name) OFF, need dns_wrapper" ; > messages.log
|
||||
#${context} --dns-canon host@lucid.test.h5l.se || \
|
||||
# { exitcode=1 ; echo "test failed"; }
|
||||
echo "dns canon off (long name)"
|
||||
# { eval "$testfailed"; }
|
||||
echo "dns canon off (long name)" ; > messages.log
|
||||
${context} --no-dns-canon host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
echo "dns canon off (short name)"
|
||||
{ eval "$testfailed"; }
|
||||
echo "dns canon off (short name)" ; > messages.log
|
||||
${context} --no-dns-canon host@lucid || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
echo "dns canon off (short name, krb5)"
|
||||
{ eval "$testfailed"; }
|
||||
echo "dns canon off (short name, krb5)" ; > messages.log
|
||||
${context} --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
echo "dns canon off (short name, krb5)"
|
||||
{ eval "$testfailed"; }
|
||||
echo "dns canon off (short name, krb5)" ; > messages.log
|
||||
${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "======test context building"
|
||||
for mech in krb5 krb5iov spnego spnegoiov; do
|
||||
if [ "$mech" == "krb5iov" ] ; then
|
||||
if [ "$mech" = "krb5iov" ] ; then
|
||||
mech="krb5"
|
||||
iov="--iov"
|
||||
fi
|
||||
if [ "$mech" == "spnegoiov" ] ; then
|
||||
if [ "$mech" = "spnegoiov" ] ; then
|
||||
mech="spnego"
|
||||
iov="--iov"
|
||||
fi
|
||||
|
||||
echo "${mech} no-mutual ${iov}"
|
||||
echo "${mech} no-mutual ${iov}" ; > messages.log
|
||||
${context} --mech-type=${mech} \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "${mech} mutual ${iov}"
|
||||
echo "${mech} mutual ${iov}" ; > messages.log
|
||||
${context} --mech-type=${mech} \
|
||||
--mutual \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "${mech} delegate ${iov}"
|
||||
echo "${mech} delegate ${iov}" ; > messages.log
|
||||
${context} --mech-type=${mech} \
|
||||
--delegate \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "${mech} mutual delegate ${iov}"
|
||||
echo "${mech} mutual delegate ${iov}" ; > messages.log
|
||||
${context} --mech-type=${mech} \
|
||||
--mutual --delegate \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
done
|
||||
|
||||
echo "======dce-style"
|
||||
for mech in krb5 krb5iov spnego; do
|
||||
iov=""
|
||||
if [ "$mech" == "krb5iov" ] ; then
|
||||
if [ "$mech" = "krb5iov" ] ; then
|
||||
mech="krb5"
|
||||
iov="--iov"
|
||||
fi
|
||||
if [ "$mech" == "spnegoiov" ] ; then
|
||||
if [ "$mech" = "spnegoiov" ] ; then
|
||||
mech="spnego"
|
||||
iov="--iov"
|
||||
fi
|
||||
|
||||
echo "${mech}: dce-style ${iov}"
|
||||
echo "${mech}: dce-style ${iov}" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=${mech} \
|
||||
--mutual \
|
||||
--dce-style \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
done
|
||||
|
||||
@@ -239,15 +240,15 @@ echo "test gsskrb5_register_acceptor_identity (both positive and negative)"
|
||||
|
||||
cp ${keytabfile} ${keytabfile}.new
|
||||
for mech in krb5 spnego; do
|
||||
echo "${mech}: acceptor_identity positive"
|
||||
echo "${mech}: acceptor_identity positive" ; > messages.log
|
||||
${context} --gsskrb5-acceptor-identity=${keytabfile}.new \
|
||||
--mech-type=$mech host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "${mech}: acceptor_identity negative"
|
||||
echo "${mech}: acceptor_identity negative" ; > messages.log
|
||||
${context} --gsskrb5-acceptor-identity=${keytabfile}.foo \
|
||||
--mech-type=$mech host@lucid.test.h5l.se 2>/dev/null && \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
done
|
||||
|
||||
rm ${keytabfile}.new
|
||||
@@ -257,171 +258,187 @@ rm ${keytabfile}.new
|
||||
#${context} --mech-type=sasl-digest-md5 \
|
||||
# --name-type=hostbased-service \
|
||||
# host@lucid.test.h5l.se || \
|
||||
# { exitcode=1 ; echo "test failed"; }
|
||||
# { eval "$testfailed"; }
|
||||
|
||||
|
||||
echo "====== gss-api session key check"
|
||||
|
||||
# this will break when oneone invents a cooler enctype then aes256-cts-hmac-sha1-96
|
||||
coolenctype="aes256-cts-hmac-sha1-96"
|
||||
limit_enctype="des3-cbc-sha1"
|
||||
|
||||
echo "Getting client initial tickets"
|
||||
echo "Getting client initial tickets" ; > messages.log
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
|
||||
{ echo "kinit failed"; exitcode=1; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Building context on cred w/o aes, but still ${coolenctype} session key"
|
||||
|
||||
echo "Building context on cred w/o aes, but still ${coolenctype} session key" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--mutual-auth \
|
||||
--session-enctype=${coolenctype} \
|
||||
--name-type=hostbased-service host@no-aes.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Building context on cred, check if its limited still" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--client-name=user1@${R} \
|
||||
--limit-enctype="${limit_enctype}" \
|
||||
--mutual-auth \
|
||||
--name-type=hostbased-service host@no-aes.test.h5l.se || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
|
||||
echo "====== ok-as-delegate"
|
||||
|
||||
echo "Getting client initial tickets"
|
||||
echo "Getting client initial tickets" ; > messages.log
|
||||
${kinit} --forwardable \
|
||||
--password-file=${objdir}/foopassword user1@${R} || exitcode=1
|
||||
--password-file=${objdir}/foopassword user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "ok-as-delegate not used"
|
||||
echo "ok-as-delegate not used" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--delegate \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "host without ok-as-delegate with policy-delegate"
|
||||
echo "host without ok-as-delegate with policy-delegate" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--policy-delegate \
|
||||
--server-no-delegate \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "ok-as-delegate used by policy"
|
||||
echo "ok-as-delegate used by policy" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--policy-delegate \
|
||||
--name-type=hostbased-service host@ok-delegate.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Getting client initial tickets with --ok-as-delgate"
|
||||
echo "Getting client initial tickets with --ok-as-delgate" ; > messages.log
|
||||
${kinit} --ok-as-delegate --forwardable \
|
||||
--password-file=${objdir}/foopassword user1@${R} || exitcode=1
|
||||
--password-file=${objdir}/foopassword user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "policy delegate to non delegate host"
|
||||
echo "policy delegate to non delegate host" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--policy-delegate \
|
||||
--server-no-delegate \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "ok-as-delegate"
|
||||
echo "ok-as-delegate" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--delegate \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "======export/import cred"
|
||||
|
||||
echo "export-import cred (krb5)"
|
||||
echo "export-import cred (krb5)" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--delegate \
|
||||
--export-import-cred \
|
||||
--name-type=hostbased-service host@ok-delegate.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "export-import cred (spnego)"
|
||||
echo "export-import cred (spnego)" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=spnego \
|
||||
--delegate \
|
||||
--export-import-cred \
|
||||
--name-type=hostbased-service host@ok-delegate.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
|
||||
echo "======time diffs between client and server"
|
||||
|
||||
echo "Getting client initial ticket"
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
|
||||
echo "Getting client initial ticket" ; > messages.log
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "No time offset"
|
||||
echo "No time offset" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Getting client initial ticket"
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
|
||||
echo "Getting client initial ticket" ; > messages.log
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Server time offset"
|
||||
echo "Server time offset" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--mutual-auth \
|
||||
--server-time-offset=3600 \
|
||||
--max-loops=3 \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Server time offset (cached ?)"
|
||||
echo "Server time offset (cached ?)" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--mutual-auth \
|
||||
--server-time-offset=3600 \
|
||||
--max-loops=2 \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Getting client initial ticket"
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
|
||||
echo "Getting client initial ticket" ; > messages.log
|
||||
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
# Pre-poplute the cache since tgs-req will fail since our time is wrong
|
||||
${kgetcred} host/lucid.test.h5l.se@${R} || exitcode=1
|
||||
${kgetcred} host/lucid.test.h5l.se@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Client time offset"
|
||||
echo "Client time offset" ; > messages.log
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--mutual-auth \
|
||||
--client-time-offset=3600 \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
echo "Getting client initial tickets (use-referrals)"
|
||||
echo "Getting client initial tickets (use-referrals)" ; > messages.log
|
||||
${kinit} \
|
||||
--password-file=${objdir}/foopassword \
|
||||
--use-referrals user1@${R} || exitcode=1
|
||||
--use-referrals user1@${R} || \
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
# XXX these tests really need to use somethat that resolve to something
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
host@short || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--name-type=krb5-principal-name host/short || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
host@long.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--name-type=krb5-principal-name \
|
||||
host/long.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
{ eval "$testfailed"; }
|
||||
|
||||
trap "" EXIT
|
||||
|
||||
echo "killing kdc (${kdcpid})"
|
||||
kill ${kdcpid} 2> /dev/null
|
||||
|
||||
[ "$exitcode" = 0 ] && echo "all ok"
|
||||
|
||||
exit $exitcode
|
||||
|
||||
exit 0
|
||||
|
||||
|
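Review bot: `iov` is never cleared at the top of the first `for mech in krb5 krb5iov spnego spnegoiov` loop, so once the `krb5iov` pass sets `iov="--iov"` the plain `spnego` pass that follows also runs with `--iov`, and SPNEGO without IOV is never exercised. The dce-style loop already starts with `iov=""`; the first loop needs the same line as its first statement. In the dce-style loop the list is `krb5 krb5iov spnego`, so its `spnegoiov` branch cannot be reached; either add `spnegoiov` to the list or drop the branch.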
@@ -36,6 +36,11 @@ objdir="@objdir@"
|
||||
|
||||
. ${env_setup}
|
||||
|
||||
KRB5_CONFIG="${objdir}/krb5-cc.conf"
|
||||
export KRB5_CONFIG
|
||||
|
||||
unset KRB5CCNAME
|
||||
|
||||
testfailed="echo test failed; exit 1"
|
||||
|
||||
# If there is no useful db support compile in, disable test
|
||||
@@ -56,9 +61,6 @@ cache="FILE:${objdir}/cache.krb5"
|
||||
keytabfile=${objdir}/server.keytab
|
||||
keytab="FILE:${keytabfile}"
|
||||
|
||||
KRB5_CONFIG="${objdir}/krb5-cc.conf"
|
||||
export KRB5_CONFIG
|
||||
|
||||
rm -f ${keytabfile}
|
||||
rm -f current-db*
|
||||
rm -f out-*
|
||||
|
@@ -35,13 +35,13 @@ top_builddir="@top_builddir@"
|
||||
env_setup="@env_setup@"
|
||||
objdir="@objdir@"
|
||||
|
||||
. ${env_setup}
|
||||
|
||||
KRB5_CONFIG="${1-${objdir}/krb5.conf}"
|
||||
export KRB5_CONFIG
|
||||
|
||||
testfailed="echo test failed; cat messages.log; exit 1"
|
||||
|
||||
. ${env_setup}
|
||||
|
||||
# If there is no useful db support compile in, disable test
|
||||
${have_db} || exit 77
|
||||
|
||||
|
@@ -20,6 +20,7 @@ subst = sed -e "s!@PACKAGE\@!$(PACKAGE)!g" \
|
||||
-e "s!@exec_prefix\@!$(exec_prefix)!g" \
|
||||
-e "s!@libdir\@!$(libdir)!g" \
|
||||
-e "s!@includedir\@!$(includedir)!g" \
|
||||
-e "s!@PTHREAD_LIBADD\@!$(PTHREAD_LIBADD)!g" \
|
||||
-e "s!@LIB_crypt\@!$(LIB_crypt)!g" \
|
||||
-e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \
|
||||
-e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \
|
||||
|
@@ -137,7 +137,7 @@ if test "$do_libs" = "yes"; then
|
||||
esac
|
||||
lib_flags="$lib_flags -lkrb5 @LIB_pkinit@ -lcom_err"
|
||||
lib_flags="$lib_flags @LIB_hcrypto_appl@ -lasn1 -lwind -lroken"
|
||||
lib_flags="$lib_flags @LIB_crypt@ @LIB_dlopen@"
|
||||
lib_flags="$lib_flags @LIB_crypt@ @PTHREAD_LIBADD@ @LIB_dlopen@"
|
||||
lib_flags="$lib_flags @LIB_door_create@ @LIBS@"
|
||||
echo $lib_flags
|
||||
fi
|
||||
|