WIP

This reverts commit f37749adc7.

.github/workflows/coverage.yml

@@ -0,0 +1,57 @@
+name: Test Coverage
+
+on:
+    push:
+      branches:
+         - 'coverage-*'
+
+jobs:
+    coverage:
+        runs-on: ubuntu-22.04
+        steps:
+            - name: Clone repository
+              uses: actions/checkout@v4
+            - name: Install packages
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y bison comerr-dev flex doxygen
+                sudo apt-get install -y libcap-ng-dev libdb-dev libedit-dev libjson-perl
+                sudo apt-get install -y libldap2-dev libncurses5-dev libperl4-corelibs-perl
+                sudo apt-get install -y libsqlite3-dev libkeyutils-dev pkg-config python3
+                sudo apt-get install -y ss-dev texinfo unzip netbase keyutils ldap-utils
+                sudo apt-get install -y gdb apport curl libmicrohttpd-dev jq valgrind
+                sudo apt-get install -y lcov
+                # Temporary workaround for:
+                # https://github.com/actions/virtual-environments/issues/3185
+                sudo hostname localhost
+            - name: Build with coverage
+              env:
+                CC: gcc
+                CFLAGS: '--coverage -O0 -g'
+                LDFLAGS: '--coverage'
+              run: |
+                /bin/sh ./autogen.sh
+                mkdir build
+                cd build
+                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap --prefix=$HOME/inst CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS"
+                make -j4
+            - name: Test
+              run: |
+                cd build
+                sudo sysctl kernel.core_pattern=core.%p || true
+                ulimit -c unlimited
+                make check || true
+            - name: Generate coverage report
+              run: |
+                cd build
+                # Capture coverage data
+                lcov --capture --directory . --output-file coverage.info --ignore-errors source
+                # Remove coverage for system headers and generated files
+                lcov --remove coverage.info '/usr/*' '*/build/*asn1*' '*/build/*_err.*' --output-file coverage.info --ignore-errors unused
+                # List coverage summary
+                lcov --list coverage.info
+            - name: Upload to Coveralls
+              uses: coverallsapp/github-action@v2
+              with:
+                file: build/coverage.info
+                format: lcov

.github/workflows/coverity.yml

@@ -20,7 +20,7 @@ jobs:
                       compiler: clang
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
             - name: Install packages
               if: startsWith(matrix.os, 'ubuntu')
               run: |

.github/workflows/linux-interop.yml

@@ -3,7 +3,7 @@ name: Linux Build
 on:
     push:
       branches:
-         - 'interop-mit*'
+         - 'interop*'
 
 jobs:
     unix:
@@ -19,9 +19,14 @@ jobs:
                       cflags: ''
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
+            - name: Clone older Heimdal for interop testing
+              uses: actions/checkout@v4
+              with:
+                ref: older-branch-for-interop-testing
+                path: older-heimdal
             - name: Checkout MIT
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 repository: krb5/krb5
                 path: mit
@@ -41,6 +46,17 @@ jobs:
                 # Temporary workaround for:
                 # https://github.com/actions/virtual-environments/issues/3185
                 sudo hostname localhost
+            - name: Build older Heimdal
+              env:
+                CC: ${{ matrix.compiler }}
+              run: |
+                cd older-heimdal
+                /bin/sh ./autogen.sh
+                mkdir build
+                cd build
+                ../configure --prefix=$HOME/oh5l --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS CFLAGS="${{ matrix.cflags }} -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
+                make -j4
+                make install
             - name: Build MIT
               env:
                 CC: ${{ matrix.compiler }}
@@ -59,7 +75,7 @@ jobs:
                 /bin/sh ./autogen.sh
                 mkdir build
                 cd build
-                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="${{ matrix.cflags }} -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations" --with-mitkrb5=$HOME/mitkrb5
+                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="${{ matrix.cflags }} -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations" --with-mitkrb5=$HOME/mitkrb5 --with-older-heimdal=$HOME/oh5l
                 make -j4
             - name: Test
               env:
@@ -67,8 +83,14 @@ jobs:
                 MAKEVARS: ${{ matrix.makevars }}
               run: |
                 cd build
+                sudo sysctl kernel.core_pattern=core.%p || true
                 ulimit -c unlimited
+                cd lib
                 make check
+                cd ../tests/bin
+                make check
+                cd ../kdc
+                make SCRIPT_TESTS='check-fast check-mit-kdc check-old-heimdal-client check-old-heimdal-kdc' check
             - name: Make Install
               env:
                 CC: ${{ matrix.compiler }}
@@ -91,27 +113,13 @@ jobs:
               if: ${{ failure() }}
               run: |
                 find build -name \*.trs | xargs grep -lw FAIL | sed -e 's/trs$/log/' | xargs cat
-            - name: Make Dist
-              run: |
-                cd build
-                make dist
-                make distclean
-                if [ "$(git ls-files -o|grep -v ^build/ | wc -l)" -ne 0 ]; then
-                  echo "Files not removed by make distclean:"
-                  git ls-files -o|grep -v ^build/
-                fi
             - name: Upload Install Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Install Tarball
+                name: Install Tarball (interop)
                 path: '~/heimdal-install-linux-${{ matrix.compiler }}.tgz'
-            - name: Upload Dist Tarball
-              uses: actions/upload-artifact@v2
-              with:
-                name: Dist Tarball
-                path: 'build/heimdal-*.tar.gz'
             - name: Upload Logs Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Test Logs
+                name: Test Logs (interop)
                 path: '~/logs-linux-${{ matrix.compiler }}.tgz'

.github/workflows/linux.yml

@@ -19,12 +19,11 @@ on:
          - '**.py'
          - '**.asn1'
          - '**.opt'
+         - '**.map'
          - '**/COPYING'
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/linux.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
     pull_request:
       paths:
@@ -45,28 +44,28 @@ on:
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/linux.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
 jobs:
     unix:
+        # Run if no [only X] tag, or if [only linux] is present (check both push commits and PR titles)
+        if: >-
+            (!contains(github.event.head_commit.message, '[only ') &&
+             !contains(github.event.pull_request.title, '[only ')) ||
+            contains(github.event.head_commit.message, '[only linux]') ||
+            contains(github.event.pull_request.title, '[only linux]')
         runs-on: ${{ matrix.os }}
         strategy:
             fail-fast: false
             matrix:
-                name: [linux-clang, linux-gcc]
+                name: [linux-gcc]
                 include:
-                    - name: linux-clang
-                      os: ubuntu-22.04
-                      compiler: clang
-                      cflags: ''
                     - name: linux-gcc
                       os: ubuntu-22.04
                       compiler: gcc
                       cflags: '-Wnonnull'
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
             - name: Install packages
               if: startsWith(matrix.os, 'ubuntu')
               run: |
@@ -96,6 +95,7 @@ jobs:
                 MAKEVARS: ${{ matrix.makevars }}
               run: |
                 cd build
+                sudo sysctl kernel.core_pattern=core.%p || true
                 ulimit -c unlimited
                 make check
             - name: Make Install
@@ -108,11 +108,14 @@ jobs:
                 cd /tmp/h5l
                 tar czf $HOME/heimdal-install-linux-${{ matrix.compiler }}.tgz .
             - name: Core dump stacks
+              if: ${{ always() }}
               run: |
+                find . -name '*core*' -print
                 echo "thread apply all bt" > /tmp/x
-                find . -name core -print | while read core; do gdb -batch -x x `file "$core"|sed -e "s/^[^']*'//" -e "s/[ '].*$//"` "$core"; done
+                find . -name core\* -print | while read core; do gdb -batch -x x `file "$core"|sed -e "s/^[^']*'//" -e "s/[ '].*$//"` "$core"; done
                 if [ "$(find . -name core -print | wc -l)" -gt 0 ]; then false; fi
             - name: Test logs
+              if: ${{ always() }}
               run: |
                 find build -depth -name \*.trs | xargs grep -lw FAIL | sed -e 's/trs$/log/' | tar -czf $HOME/logs-linux-${{ matrix.compiler }}.tgz --verbatim-files-from --files-from -
                 find build -name \*.trs | xargs grep -lw FAIL | sed -e 's/trs$/log/' | xargs cat
@@ -130,17 +133,17 @@ jobs:
                   git ls-files -o|grep -v ^build/
                 fi
             - name: Upload Install Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Install Tarball
+                name: Install Tarball (${{ matrix.name }})
                 path: '~/heimdal-install-linux-${{ matrix.compiler }}.tgz'
             - name: Upload Dist Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Dist Tarball
+                name: Dist Tarball (${{ matrix.name }})
                 path: 'build/heimdal-*.tar.gz'
             - name: Upload Logs Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Test Logs
+                name: Test Logs (${{ matrix.name }})
                 path: '~/logs-linux-${{ matrix.compiler }}.tgz'

.github/workflows/osx.yml

@@ -24,8 +24,6 @@ on:
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/osx.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
     pull_request:
       paths:
@@ -46,11 +44,15 @@ on:
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/osx.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
 jobs:
     osx:
+        # Run if no [only X] tag, or if [only osx] is present (check both push commits and PR titles)
+        if: >-
+            (!contains(github.event.head_commit.message, '[only ') &&
+             !contains(github.event.pull_request.title, '[only ')) ||
+            contains(github.event.head_commit.message, '[only osx]') ||
+            contains(github.event.pull_request.title, '[only osx]')
         runs-on: ${{ matrix.os }}
         strategy:
             fail-fast: false
@@ -66,10 +68,12 @@ jobs:
                 echo "bison, flex, ncurses, texinfo, and unzip are in the base OS."
                 echo "berkeley-db, perl, python3, curl, and jq are installed in the"
                 echo "base image already."
-                brew install autoconf automake libtool cpanm texinfo texi2html
+                brew install autoconf automake bison libtool cpanm texinfo texi2html bash openssl@3
                 sudo cpanm install JSON
+                # Use Homebrew bash for tests (much faster than /bin/bash on macOS)
+                echo "$(brew --prefix)/bin" >> $GITHUB_PATH
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
             - name: Build
               env:
                 CC: ${{ matrix.compiler }}
@@ -79,7 +83,7 @@ jobs:
                 /bin/sh ./autogen.sh
                 mkdir build
                 cd build
-                ../configure --srcdir=`dirname "$PWD"` --disable-heimdal-documentation --disable-afs-support --enable-maintainer-mode --enable-developer $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="-Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations" CFLAGS="-O0 -g -ggdb3"
+                ../configure --srcdir=`dirname "$PWD"` --disable-heimdal-documentation --enable-maintainer-mode --enable-developer $CONFIGURE_OPTS --prefix=$HOME/inst --with-openssl=/opt/homebrew/opt/openssl@3/ CFLAGS="-O0 -g -ggdb3 -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
                 ulimit -c unlimited
                 PATH=/usr/local/opt/texinfo/bin:$PATH
                 export PATH
@@ -89,12 +93,15 @@ jobs:
             #  with:
             #      limit-access-to-actor: true
             - name: Test
+              shell: bash
               env:
                 CC: ${{ matrix.compiler }}
                 MAKEVARS: ${{ matrix.makevars }}
                 CONFIGURE_OPTS:  ${{ matrix.configureopts }}
               run: |
                 set -vx
+                # Verify we're using Homebrew bash (faster than system bash)
+                echo "Using bash: $(which bash) version $BASH_VERSION"
                 sudo lsof -nP -i:49188 || true
                 cd build
                 make check
@@ -113,12 +120,12 @@ jobs:
               run: |
                 find build -name \*.trs|xargs grep -lw FAIL|sed -e 's/trs$/log/'|xargs cat
             - name: Upload Install Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Install Tarball
+                name: Install Tarball (osx)
                 path: '~/heimdal-install-osx.tgz'
             - name: Upload Artifacts
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Upload Test Logs
+                name: Test Logs (osx)
                 path: '~/logs-osx.cpio'

.github/workflows/scanbuild.yml

@@ -24,7 +24,7 @@ jobs:
                       compiler: clang
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
             - name: Install packages
               if: startsWith(matrix.os, 'ubuntu')
               run: |
@@ -61,7 +61,7 @@ jobs:
               run: |
                 find build -name \*.trs|xargs grep -lw FAIL|sed -e 's/trs$/log/'|xargs cat
             - name: Upload Artifacts
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
                 name: Scan-Build Reports
                 path: '/tmp/scan-build*/'

.github/workflows/ubsan.yml

@@ -19,12 +19,11 @@ on:
          - '**.py'
          - '**.asn1'
          - '**.opt'
+         - '**.map'
          - '**/COPYING'
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/ubsan.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
     pull_request:
       paths:
@@ -45,8 +44,6 @@ on:
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/ubsan.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
 jobs:
     unix:
@@ -68,7 +65,7 @@ jobs:
                       ldflags: ''
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
             - name: Install packages
               if: startsWith(matrix.os, 'ubuntu')
               run: |
@@ -127,7 +124,7 @@ jobs:
               run: |
                 find build -name \*.trs | sed -e 's/trs$/log/' | xargs cat
             - name: Upload Logs Tarball
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Test Logs
+                name: Test Logs UBSAN (${{ matrix.name }})
                 path: '~/logs-linux-${{ matrix.compiler }}.tgz'

.github/workflows/valgrind.yml

@@ -24,7 +24,7 @@ jobs:
                       compiler: clang
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
             - name: Install packages
               if: startsWith(matrix.os, 'ubuntu')
               run: |
@@ -43,7 +43,7 @@ jobs:
                 /bin/sh ./autogen.sh
                 mkdir build
                 cd build
-                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="-g -ggdb3 -O0 -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
+                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="-gdwarf-4 -g -ggdb3 -O0 -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
                 make -j4
             - name: Test
               env:
@@ -51,6 +51,7 @@ jobs:
                 MAKEVARS: ${{ matrix.makevars }}
               run: |
                 cd build
+                sudo sysctl kernel.core_pattern=core.%p || true
                 ulimit -c unlimited
                 make check-valgrind
             - name: Valgrind output
@@ -65,7 +66,7 @@ jobs:
               run: |
                 find build -name \*.trs|xargs grep -lw FAIL | sed -e 's/trs$/log/' | xargs cat
             - name: Upload Artifacts
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Test Logs
+                name: Test Logs (valgrind)
                 path: '~/logs-linux-valgrind.tgz'

.github/workflows/windows.yml

@@ -18,13 +18,12 @@ on:
          - '**.asn1'
          - '**.opt'
          - '**.w32'
+         - '**.def'
          - '**/NTMakefile*'
          - '**/COPYING'
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/windows.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
     pull_request:
       paths:
@@ -44,12 +43,21 @@ on:
          - '**/INSTALL'
          - '**/README*'
          - '.github/workflows/windows.yml'
-         - '!appveyor.yml'
-         - '!.travis.yml'
 
 jobs:
     windows:
+        # Run if no [only X] tag, or if [only windows] is present (check both push commits and PR titles)
+        if: >-
+            (!contains(github.event.head_commit.message, '[only ') &&
+             !contains(github.event.pull_request.title, '[only ')) ||
+            contains(github.event.head_commit.message, '[only windows]') ||
+            contains(github.event.pull_request.title, '[only windows]')
         runs-on: windows-latest
+        strategy:
+            fail-fast: false
+            matrix:
+                # clang-cl disabled due to LLVM 19 bug with MMX intrinsics in VS 2022 headers
+                compiler: [msvc]
         env:
             APPVER: '10.0'
             CODESIGN_PKT: 0000000000000000
@@ -58,37 +66,67 @@ jobs:
             WIXDIR: 'c:\Program Files (x86)\Windows Installer XML v3.5'
         steps:
             - name: Clone repository
-              uses: actions/checkout@v1
+              uses: actions/checkout@v4
+
             - name: Find MSVC and run vcvarsall.bat
               uses: ilammy/msvc-dev-cmd@v1
               with:
                 arch: amd64
-            - name: Build and Test
+
+            - name: Setup OpenSSL
+              shell: pwsh
+              run: |
+                # OpenSSL 3.x is pre-installed on windows-latest at C:\Program Files\OpenSSL
+                $opensslDir = "C:\Program Files\OpenSSL"
+                if (Test-Path $opensslDir) {
+                    Write-Host "OpenSSL found at $opensslDir"
+                    Get-ChildItem $opensslDir
+                    # Show version
+                    & "$opensslDir\bin\openssl.exe" version
+                } else {
+                    Write-Host "OpenSSL not found, installing via chocolatey..."
+                    choco install openssl -y
+                    $opensslDir = "C:\Program Files\OpenSSL"
+                }
+                # Set environment variables for the build
+                echo "OPENSSL_DIR=$opensslDir" >> $env:GITHUB_ENV
+                echo "INCLUDE_openssl_crypto=$opensslDir\include" >> $env:GITHUB_ENV
+                echo "LIB_openssl_crypto=$opensslDir\lib\VC\x64\MD\libcrypto.lib" >> $env:GITHUB_ENV
+
+            - name: Install MSYS2 packages
               shell: cmd
               run: |
-                set PATH=%PATH%;C:\msys64\usr\bin;C:\Program Files (x86)\HTML Help Workshop;C:\program files (x86)\windows installer xml v3.5\bin;C:\cygwin\bin
+                C:\msys64\usr\bin\pacman.exe --noconfirm -Sy
+                C:\msys64\usr\bin\pacman.exe --noconfirm -S zstd autoconf automake flex bison perl perl-JSON texinfo
+
+            - name: Build
+              shell: cmd
+              run: |
+                set "PATH=%PATH%;C:\msys64\usr\bin"
+                set "PATH=%PATH%;C:\Program Files (x86)\HTML Help Workshop"
+                set "PATH=%PATH%;C:\Program Files\OpenSSL\bin"
                 set CODESIGN_PKT=0000000000000000
-                set dbg__type=Debug
                 mkdir %INSTALL_DIR%
-                pacman --noconfirm -S zstd
-                pacman --noconfirm -S autoconf
-                pacman --noconfirm -S automake
-                pacman --noconfirm -S flex
-                pacman --noconfirm -S bison
-                pacman --noconfirm -S perl
-                pacman --noconfirm -S perl-JSON
-                pacman --noconfirm -S texinfo
-                set PATH=%PATH%;%wix%bin
-                title Heimdal Build %CPU% %dbg__type%
-                set "PATH=%PATH%;C:\Perl64\bin;C:\tools\cygwin\bin;C:\Program Files (x86)\HTML Help Workshop"
-                set "PATH=%PATH%;C:/msys64/usr/bin"
-                set "PATH=%PATH%;C:\program files (x86)\windows installer xml v3.5\bin;C:\cygwin\bin"
-                set "PATH=%PATH%;C:\Python310-x64"
                 echo PATH=%PATH%
-                nmake /f NTMakefile APPVEYOR=1 MAKEINFO=makeinfo NO_INSTALLERS=1
-                nmake /f NTMakefile APPVEYOR=1 MAKEINFO=makeinfo NO_INSTALLERS=1 test
+                echo INCLUDE_openssl_crypto=%INCLUDE_openssl_crypto%
+                echo LIB_openssl_crypto=%LIB_openssl_crypto%
+                echo Compiler: ${{ matrix.compiler }}
+                if "${{ matrix.compiler }}"=="clang-cl" (
+                    clang-cl --version
+                    nmake /f NTMakefile CC=clang-cl GHA=1 NO_INSTALLERS=1 INCLUDE_openssl_crypto="%INCLUDE_openssl_crypto%" LIB_openssl_crypto="%LIB_openssl_crypto%" CFLAGS="-msse2"
+                ) else (
+                    nmake /f NTMakefile GHA=1 NO_INSTALLERS=1 INCLUDE_openssl_crypto="%INCLUDE_openssl_crypto%" LIB_openssl_crypto="%LIB_openssl_crypto%"
+                )
+
+            - name: Test
+              shell: cmd
+              run: |
+                set "PATH=%PATH%;C:\msys64\usr\bin"
+                set "PATH=%PATH%;C:\Program Files\OpenSSL\bin"
+                nmake /f NTMakefile GHA=1 NO_INSTALLERS=1 test
+
             - name: Upload Artifacts
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
-                name: Objects
+                name: Objects-${{ matrix.compiler }}
                 path: 'D:/a/heimdal/heimdal/out/'

.gitignore

@@ -37,8 +37,6 @@ asn1_*_asn1.c
 *.log
 *.trs
 *.tmp
-result
-result-*
 
 # Top-level files.
 

.travis.yml

@@ -1,92 +0,0 @@
-os:
-    - linux
-    - osx
-
-language: c
-
-env:
-    global:
-        secure: "YKG77M7zMvJ+IeV2ziw//HcHqMqFoAzIZlE99Yw/aOn5pvMYKq6Ep7EFVhbfDu9yN0T7M5csCGQeH7/ylDlsZSRMUw72844ezMDM8e10T/lW/T/OYN7j1ZVHh3WSJgS+1D9VG6/Y0OY1Si3lb7PcOdAIU0fPJV5xQONN2+hpJeI="
-
-before_install:
-    - if [ $TRAVIS_OS_NAME = linux ]; then sudo apt-get update -qq; fi
-    - if [ $TRAVIS_OS_NAME = linux ]; then sudo apt-get install -qq bison comerr-dev flex libcap-ng-dev libdb-dev libedit-dev libjson-perl libldap2-dev libncurses5-dev libperl4-corelibs-perl libsqlite3-dev libkeyutils-dev pkg-config python ss-dev texinfo unzip netbase keyutils; fi
-    - if [ $TRAVIS_OS_NAME = linux ]; then sudo apt-get install -qq ldap-utils gdb apport; fi
-    - if [ $TRAVIS_OS_NAME = linux ]; then sudo apt-get install -qq curl libmicrohttpd-dev; fi
-    - if [ $TRAVIS_OS_NAME = linux -a -n "$COVERAGE" ]; then sudo apt-get install -qq jq; fi
-    - if [ $TRAVIS_OS_NAME = osx ]; then HOMEBREW_NO_AUTO_UPDATE=1 brew install cpanm bison flex berkeley-db lmdb openldap openssl; fi
-    - if [ $TRAVIS_OS_NAME = osx ]; then sudo cpanm install JSON; fi
-    - if [ $TRAVIS_OS_NAME = osx -a -n "$COVERAGE" ]; then brew install jq; fi
-    - mkdir ci-build
-    - mkdir coverity-build
-    - ./autogen.sh
-
-install:
-    - cd ci-build
-    - |
-      if [ $TRAVIS_OS_NAME = osx ]; then
-          LDFLAGS="-L/usr/local/opt/berkeley-db/lib -L/usr/local/opt/lmdb/lib" \
-          CFLAGS="-I/usr/local/opt/lmdb/include" \
-          ../configure \
-                  --srcdir=`dirname "$PWD"` \
-                  --prefix=/tmp/heimdal \
-                  --enable-maintainer-mode $COVERAGE \
-                  --enable-static=no \
-                  --enable-pthread-support \
-                  --disable-afs-support \
-                  --disable-ndbm-db \
-                  --with-openldap=/usr/local/opt/openldap \
-                  --with-openssl=/usr/local/opt/openssl/ \
-                  --with-hcrypto-default-backend=ossl \
-                  --with-berkeley-db \
-                  --with-berkeley-db-include=/usr/local/opt/berkeley-db/include
-      else
-          # This list of -Wno-error options should be reduced over time where possible
-          if [ x"$TRAVIS_COMPILER" != x"clang" ]; then
-              CFLAGS="-Wno-error=empty-body -Wno-error=shadow -Wno-error=unused-value -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations" ../configure --enable-developer --srcdir=`dirname "$PWD"` --enable-maintainer-mode $COVERAGE
-          else
-              CFLAGS="-Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations" ../configure --enable-developer --srcdir=`dirname "$PWD"` --enable-maintainer-mode $COVERAGE
-          fi
-      fi
-    - ulimit -c unlimited; make -j3
-
-script:
-    - if [ x${COVERITY_SCAN_BRANCH} != x1 ]; then ulimit -c unlimited; make check${MAKE_CHECK_SUFFIX}; fi
-
-after_script:
-    - if [ -n "$COVERAGE" ]; then ../tools/coveralls-tool -O $PWD -S ..; fi
-    - find . -name \*.log -print0|xargs -0 grep '^==[1-9]'
-
-after_failure:
-    - find . -name test-suite.log -print0 | xargs -0 cat
-    - if [ $TRAVIS_OS_NAME = linux ]; then echo "thread apply all bt" > x; find . -name core -print | while read core; do gdb -batch -x x `file "$core"|sed -e "s/^[^']*'//" -e "s/[ '].*$//"` "$core"; done; fi
-    - if [ $TRAVIS_OS_NAME = osx ]; then find . -name core -print | while read core; do echo bt | lldb --core "$core" `file "$core"|sed -e "s/^[^']*'//" -e "s/[ '].*$//"` "$core"; done; fi
-
-compiler:
-    - clang
-    - gcc
-
-matrix:
-    include:
-      - os: linux
-        compiler: gcc
-        env: COVERAGE=--enable-gcov
-    exclude:
-      - os: osx
-        compiler: gcc
-
-notifications:
-    email:
-        on_success: change
-        on_failure: always
-
-addons:
-
-    coverity_scan:
-        project:
-            name: "heimdal/heimdal"
-            description: "Build submitted via Travis CI"
-        notification_email: heimdal-builders@secure-endpoints.com
-        build_command_prepend: ../configure --enable-maintainer-mode
-        build_command: make
-        branch_pattern: coverity_scan

Makefile.am

@@ -52,6 +52,7 @@ EXTRA_DIST = \
 	cf/roken.m4 \
 	cf/valgrind-suppressions \
 	cf/maybe-valgrind.sh \
+	cf/maybe-helgrind.sh \
 	cf/symbol-version.py \
 	cf/w32-check-exported-symbols.pl \
 	cf/w32-def-from-dll.pl \

NEWS

@@ -1,8 +1,7 @@
 
-Partial news for a future Heimdal 8.0 release -- but NOTE WELL that this is NOT
-a release at this time!
+Release Notes - Heimdal - Version Heimdal 8.0 (future)
 
-Bug fixes
+ Bug fixes:
 
  - Errors found by the Coverity static analysis.
  - Errors found by the LLVM scan-build static analyzer.
@@ -11,17 +10,37 @@ Bug fixes
  - iprop bugs, race conditions, and performance
  - Many misc. bugs
 
-Features:
+ Defaults changes:
 
+ - Default enctypes set to: aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192.
+ - 1DES now disabled by default in the build configuration.
+   Use `./configure --with-1des=yes` to re-enable 1DES.
+   (Use `--with-3des=no` to disable 3DES.)
+   (Use `--with-arcfour` to disable RC4.)
+
+ Features:
+
+ - OpenSSL 3 support (hcrypto has been removed).
+ - OpenSSL 3 provider support, including propq (e.g., for enabling FIPS) and
+   PKCS#11 providers such as the Latchset provider
+   (https://github.com/latchset/pkcs11-provider).
+ - PKINIT: RFC 8636 (algorithm agility) implemented.
+ - PKINIT: ECDH w/ NIST and X curves implemented.
+ - PKINIT: Support for ECDSA and EdDSA implemented.
+ - PKINIT: RSA key transport is disabled by default
  - KDC: Add FAST support for TGS.
  - KDC: Greatly improved plugin facility for Samba.
  - KDC: Add httpkadmind service providing a subset of kadmin
         functionality over HTTP.
- - KDC: Add support for virtual service principal namespaces.
+ - KDC: Add support for virtual service principal namespaces, which rekey
+        service principals on a clock.
  - KDC: Add support for synthetic client principals that exist if the
         pre-authentication mechanism (e.g., PKINIT) can authenticate
         them, thus not requiring an HDB entry.
- - KDC: Add experimental GSS-API pre-authentication support.
+        Together with virtual service principal namespaces this allows for
+        realms with minimal, primarily read-only HDBs.
+ - KDC: Add experimental GSS-API pre-authentication support for Kerberos KDC
+        exchanges.
  - KDC: Revamp and enhance kx509 support (though bx509d mostly replaces kx509).
  - KDC: Better support for aliases and referrals.
  - KDC: Always return the salt in the PA-ETYPE-INFO[2].
@@ -29,14 +48,18 @@ Features:
  - KDC: allow anonymous AS requests with long-term keys.
  - KDC: Do not include PAC for anonymous AS requests.
  - KDC: Enable keepalive mode on incoming sockets.
- - KDC: Greatly improved logging.
+ - KDC: Greatly improved logging, with one structured log message per-request,
+        with all details as key/value pairs.
  - KDC: Remove KRB5SignedPath, to be replaced with PAC.
  - PKIX: Add bx509d -- an online certification authority (CA) with an HTTP API.
- - kadmin: Add HTTP-based kadmin protocol.
+ - PKIX: Add support elliptic curve signatures (ECDSA and EdDSA).
+ - PKIX: Add support for modern password-based encryption ciphers for PKCS#12.
+ - kadmind: Add httpkadmind, an HTTP-based kadmin protocol.
  - kadmin: Add add_alias, del_alias.
  - kadmin: Add command aliases to man page.
  - kadmin: Add disallow-client attribute.
- - kadmin: add --hdb / -H argument.
+ - kadmin: Improve -e enctype option support.
+ - kadmin: Add --hdb / -H argument.
  - kadmin: Allow enforcing password quality on admin password change.
  - kadmin: Improve ext_keytab usage.
  - kadmin: Selective pruning of historic key for principal.
@@ -53,12 +76,13 @@ Features:
  - krb5: Implement KRB5_TRACE environment variable.
  - krb5: Add experimental name canonicalization rules configuration.
  - krb5: Support start_realm ccconfig entry type.
- - kinit: Add --default-for option for ccache collection support.
+ - kinit: Add --default-for-principal option for ccache collection support.
  - kinit: Add --pk-anon-fast-armor option.
  - kinit: Don't leave dangling temporary ccaches.
  - klist: Better --json
  - iprop: Many performance and scaling enhancements.
  - iprop: Support hierarchical propagation.
+ - iprop: Support fast full props by using async writes during transfer.
  - ASN.1: Document fuzzing process.
  - ASN.1: Complete template backend.
  - ASN.1: Add partial Information Object System support (template backend
@@ -71,31 +95,50 @@ Features:
  - ASN.1: Support circular types.
  - ASN.1: Topographically sort declarations.
  - ASN.1: Proper support for IMPLICIT tags.
- - GSS: Import gss-token(1) command.
  - GSS: Add advanced credential store / load functionality.
+ - GSS: Add gss_acquire_cred_from() and credential store extensions.
  - GSS: Add name attributes support, with support for many basic attributes
         and PAC buffer accessors too.
  - GSS: Add SANON mechanism for anonymous-only key exchange using
-   elliptic curve Diffie-Hellman (ECDH) with Curve25519.
- - GSS: Add gss_acquire_cred_from() and credential store extensions.
+        elliptic curve Diffie-Hellman (ECDH) with Curve25519.
  - GSS: Support fragmented tokens reassembly (for SMB).
  - GSS: Support client keytab.
  - GSS: Add NegoEx support.
- - libhx509: Lots of improvements.
+ - GSS: Import gss-token(1) command.
+ - GSS: Improve gsstoool(1) command.
  - hxtool: Add "acert" (assert cert contents) command
  - hxtool: add cert type: https-negotiate-server
  - hxtool: add generate-key command
  - hxtool: Add OID symbol resolution and printing of OIDs known to hxtool.
  - hxtool: Add print --raw-json option that shows certificates in JSON, with
            all extensions and attributes known to Heimdal fully decoded.
- - hxtool: Improved SAN support.
- - hxtool: Improved CSR support.
+ - hxtool: Greatly improved SAN support.
+ - hxtool: Greatly improved CSR support.
+ - hxtool: Greatly improved manual page.
  - Improved plugin interfaces.
- - hcrypto: Add X25519.
- - hcrypto: Better RSA key generation.
- - hcrypto: import libtommath v1.2.0.
  - roken: Add secure_getenv() and issuid(), use them extensively.
 
+ Features removed:
+
+ - NTLM support.
+ - "digest" server functionality in KDC (for NTLM).
+ - OTP.
+ - libhcrypto.
+
+ Feature removal warnings:
+
+ - 1DES and RC4 may be removed in Heimdal 8.2
+
+ Upgrade considerations:
+
+ - Due to a change in HDB schema operators should check that Heimdal 8.x can
+   dump HDBs modified by Heimdal 7.x before upgrading from 7.x to 8.x.
+
+ Downgrade considerations:
+
+ - Due to a change in HDB schema operators should check that Heimdal 7.x can
+   dump HDBs modified by Heimdal 8.x before downgrading from 8.x to 7.x.
+
 Release Notes - Heimdal - Version Heimdal 7.8
 
  Bug fixes

NTMakefile

@@ -33,7 +33,7 @@
 thirdparty=thirdparty
 !endif
 
-!ifdef APPVEYOR
+!ifdef GHA
 SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl \
 	tools tests packages etc
 !else

README.md

@@ -1,8 +1,6 @@
 [![GitHub Build Workflow](https://github.com/heimdal/heimdal/actions/workflows/linux.yml/badge.svg)](https://github.com/heimdal/heimdal/actions?query=workflow%3Alinux)
 [![GitHub Build Workflow](https://github.com/heimdal/heimdal/actions/workflows/osx.yml/badge.svg)](https://github.com/heimdal/heimdal/actions?query=workflow%3Aosx)
 [![GitHub Build Workflow](https://github.com/heimdal/heimdal/actions/workflows/windows.yml/badge.svg)](https://github.com/heimdal/heimdal/actions?query=workflow%3Awindows)
-[![Appveyor-CI build (Windows)](https://ci.appveyor.com/api/projects/status/6j0k0m7kd6jjj4tw/branch/master?svg=true)](https://ci.appveyor.com/project/heimdal/heimdal/branch/master)
-[![Coverage Status](https://coveralls.io/repos/github/heimdal/heimdal/badge.svg?branch=master)](https://coveralls.io/github/heimdal/heimdal?branch=master)
 
 Heimdal
 =======
@@ -35,5 +33,3 @@ Build Status
 [![GitHub Build Workflow](https://github.com/heimdal/heimdal/actions/workflows/linux.yml/badge.svg)](https://github.com/heimdal/heimdal/actions?query=workflow%3Alinux)
 [![GitHub Build Workflow](https://github.com/heimdal/heimdal/actions/workflows/osx.yml/badge.svg)](https://github.com/heimdal/heimdal/actions?query=workflow%3Aosx)
 [![GitHub Build Workflow](https://github.com/heimdal/heimdal/actions/workflows/windows.yml/badge.svg)](https://github.com/heimdal/heimdal/actions?query=workflow%3Awindows)
-[![Appveyor-CI build (Windows)](https://ci.appveyor.com/api/projects/status/6j0k0m7kd6jjj4tw/branch/master?svg=true)](https://ci.appveyor.com/project/heimdal/heimdal/branch/master)
-[![Coverage Status](https://coveralls.io/repos/github/heimdal/heimdal/badge.svg?branch=master)](https://coveralls.io/github/heimdal/heimdal?branch=master)

admin/Makefile.am

@@ -2,12 +2,14 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += $(INCLUDE_readline)
+AM_CPPFLAGS += $(INCLUDE_readline) -I$(srcdir)/../lib/krb5
 
 man_MANS = ktutil.1
 
 bin_PROGRAMS = ktutil
 
+ktutil_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/../lib/krb5
+
 dist_ktutil_SOURCES =				\
 	add.c					\
 	change.c				\
@@ -34,7 +36,6 @@ ktutil-commands.c ktutil-commands.h: ktutil-commands.in
 LDADD = \
 	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
 	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(top_builddir)/lib/sl/libsl.la \
 	$(LIB_heimbase) \

admin/add.c

@@ -96,8 +96,8 @@ kt_add(struct add_options *opt, int argc, char **argv)
 	    goto out;
     }
     if(opt->password_string == NULL && opt->random_flag == 0) {
-	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ",
-				  UI_UTIL_FLAG_VERIFY)) {
+        if(_krb5_UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ",
+                                        UI_UTIL_FLAG_VERIFY)) {
 	    ret = 1;
 	    goto out;
 	}

admin/ktutil_locl.h

@@ -55,6 +55,7 @@
 
 #include "crypto-headers.h"
 #include <krb5.h>
+#include <krb5_locl.h>
 #include <kadm5/admin.h>
 #include <kadm5/kadm5_err.h>
 

appl/Makefile.am

@@ -2,19 +2,11 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-if OTP
-dir_otp = otp
-endif
 if DCE
 dir_dce = dceutils
 endif
-if !NO_AFS
-dir_afsutil = afsutil
-endif
 SUBDIRS = 					\
-	  $(dir_afsutil)			\
 	  dbutils				\
-	  $(dir_otp)				\
 	  gssmask				\
 	  test					\
 	  kf					\

appl/afsutil/ChangeLog

@@ -1,125 +0,0 @@
-2007-04-11  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* pagsh.1,afslog.1: - options must be lexicographically ordered;
-	  again, options without arguments must be placed before options
-	  with arguments.  - manual page cross references are done using
-	  the macro `.Xr', not the macro `.Nm' (used for command names
-	  instead).
-	
-	From Igor Sobrado.
-	
-2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-	
-2006-01-03  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* afslog.1: Document options to allow select principal or
-	credential cache when doing afslog.
-
-	* afslog.c: Add options to allow select principal or credential
-	cache when doing afslog.
-	
-2005-02-12  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* Makefile.am: man_MANS += pagsh.1
-
-	* pagsh.c: add --cache-type that allows the user to control the
-	resulting credential cache type, inherit the type from the
-	invoking process
-
-	* pagsh.1: manpage for pagsh
-
-2004-09-03  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* afslog.c: use negative string help string for arg_negative_flag
-	Pointed out by Harald Barth
-	
-2004-07-27  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* pagsh.c: use setprogname, if we stripped off -c, try use the
-	fallback code
-	
-2003-10-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pagsh.c: mkstemp formats must end in exactly six X's
-
-2003-07-15  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* afslog.c (do_afslog): is cell is unset, set it "<default cell>"
-	for error printing
-
-	* pagsh.c: unconditionally set KRBTKFILE
-	
-2003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* afslog.c (log_func): drop the error number
-	
-2003-04-14  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* afslog.c: set kafs log function if verbose is turned on
-	
-2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>
-	
-	* Makefile.am (LDADD): use LIB_kafs
-	
-	* afslog.1: --no-v4, --no-v5
-	
-	* Makefile.am: always build afsutils now
-	
-	* afslog.c: make build without KRB4
-	
-2002-11-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afslog.c: remove plural form in help string
-
-	* Makefile.am: add afslog manpage
-
-	* afslog.1: manpage
-
-	* afslog.c: try more files when trying to expand a cell name
-
-	* afslog.c: create a list of cells to get tokens for, before
-	actually doing anything, and try to get tokens via krb4 if krb5
-	fails, and give it a chance to work with krb4-only; also some bug
-	fixes, partially from Tomas Olsson.
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* pagsh.c: make it handle --version/--help
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (main): call free_getarg_strings
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (main): handle krb5_init_context failure consistently
-
-2000-12-25  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c: clarify usage strings
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* pagsh.c (main): use mkstemp to generate temporary file names.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-07-04  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (expand_cell_name): terminate on #.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-1999-06-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (bin_PROGRAMS): only include pagsh if KRB4
-
-1999-06-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add pagsh
-
-	* pagsh.c: new file.  contributed by Miroslav Ruda <ruda@ics.muni.cz>
-
-Sat Mar 27 12:49:43 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* afslog.c: cleanup option parsing

appl/afsutil/Makefile.am

@@ -1,19 +0,0 @@
-# $Id$
-
-include $(top_srcdir)/Makefile.am.common
-
-bin_PROGRAMS = afslog pagsh
-
-afslog_SOURCES = afslog.c
-
-pagsh_SOURCES  = pagsh.c
-
-man_MANS = afslog.1 pagsh.1
-
-LDADD = $(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = NTMakefile $(man_MANS)

appl/afsutil/NTMakefile

@@ -1,35 +0,0 @@
-########################################################################
-#
-# Copyright (c) 2009, Secure Endpoints Inc.
-# All rights reserved.
-# 
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 
-# - Redistributions of source code must retain the above copyright
-#   notice, this list of conditions and the following disclaimer.
-# 
-# - Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in
-#   the documentation and/or other materials provided with the
-#   distribution.
-# 
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# 
-
-RELDIR=appl\afsutil 
-
-!include ../../windows/NTMakefile.w32 
-

appl/afsutil/afslog.1

@@ -1,147 +0,0 @@
-.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id$
-.\"
-.Dd November 26, 2002
-.Dt AFSLOG 1
-.Os HEIMDAL
-.Sh NAME
-.Nm afslog
-.Nd obtain AFS tokens
-.Sh SYNOPSIS
-.Nm
-.Op Fl h | Fl Fl help
-.Op Fl Fl no-v5
-.Op Fl u | Fl Fl unlog
-.Op Fl v | Fl Fl verbose
-.Op Fl Fl version
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl Fl cell= Ns Ar cell
-.Xc
-.Oc
-.Oo Fl k Ar realm \*(Ba Xo
-.Fl Fl realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl P Ar principal \*(Ba Xo
-.Fl Fl principal= Ns Ar principal
-.Xc
-.Oc
-.Bk -words
-.Oo Fl p Ar path \*(Ba Xo
-.Fl Fl file= Ns Ar path
-.Xc
-.Oc
-.Ek
-.Op Ar cell | path ...
-.Sh DESCRIPTION
-.Nm
-obtains AFS tokens for a number of cells. What cells to get tokens for
-can either be specified as an explicit list, as file paths to get
-tokens for, or be left unspecified, in which case
-.Nm
-will use whatever magic
-.Xr krb_afslog 3
-decides upon.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Fl Fl no-v5
-This makes
-.Nm
-not try using Kerberos 5.
-.It Xo
-.Fl P Ar principal ,
-.Fl Fl principal Ar principal
-.Xc
-select what Kerberos 5 principal to use.
-.It Fl Fl cache Ar cache
-select what Kerberos 5 credential cache to use.
-.Fl Fl principal
-overrides this option.
-.It Xo
-.Fl u ,
-.Fl Fl unlog
-.Xc
-Destroy tokens instead of obtaining new. If this is specified, all
-other options are ignored (except for
-.Fl Fl help
-and
-.Fl Fl version ) .
-.It Xo
-.Fl v ,
-.Fl Fl verbose
-.Xc
-Adds more verbosity for what is actually going on.
-.It Xo
-.Fl c Ar cell,
-.Fl Fl cell= Ns Ar cell
-.Xc
-This specified one or more cell names to get tokens for.
-.It Xo
-.Fl k Ar realm ,
-.Fl Fl realm= Ns Ar realm
-.Xc
-This is the Kerberos realm the AFS servers live in, this should
-normally not be specified.
-.It Xo
-.Fl p Ar path ,
-.Fl Fl file= Ns Ar path
-.Xc
-This specified one or more file paths for which tokens should be
-obtained.
-.El
-.Pp
-Instead of using
-.Fl c
-and
-.Fl p ,
-you may also pass a list of cells and file paths after any other
-options. These arguments are considered files if they are either
-the strings
-.Do . Dc
-or
-.Dq ..
-or they contain a slash, or if there exists a file by that name.
-.Sh EXAMPLES
-Assuming that there is no file called
-.Dq openafs.org
-in the current directory, and that
-.Pa /afs/openafs.org
-points to that cell, the follwing should be identical:
-.Bd -literal -offset indent
-$ afslog -c openafs.org
-$ afslog openafs.org
-$ afslog /afs/openafs.org/some/file
-.Ed
-.Sh SEE ALSO
-.Xr krb_afslog 3

appl/afsutil/afslog.c

@@ -1,303 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id$");
-#endif
-#include <ctype.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#include <kafs.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-
-static int help_flag;
-static int version_flag;
-static getarg_strings cells;
-static char *realm;
-static getarg_strings files;
-static int unlog_flag;
-static int verbose;
-#ifdef KRB5
-static char *client_string;
-static char *cache_string;
-static int use_krb5 = 1;
-#endif
-
-struct getargs args[] = {
-    { "cell",	'c', arg_strings, &cells, "cells to get tokens for", "cell" },
-    { "file",	'p', arg_strings, &files, "files to get tokens for", "path" },
-    { "realm",	'k', arg_string, &realm, "realm for afs cell", "realm" },
-    { "unlog",	'u', arg_flag, &unlog_flag, "remove tokens", NULL },
-#ifdef KRB5
-    { "principal",'P',arg_string,&client_string,"principal to use","principal"},
-    { "cache",   0,  arg_string, &cache_string, "ccache to use", "cache"},
-    { "v5",	 0,  arg_negative_flag, &use_krb5, "don't use Kerberos 5",
-      NULL },
-#endif
-    { "verbose",'v', arg_flag, &verbose, NULL, NULL },
-    { "version", 0,  arg_flag, &version_flag, NULL, NULL },
-    { "help",	'h', arg_flag, &help_flag, NULL, NULL },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-#ifdef KRB5
-krb5_context context;
-krb5_ccache id;
-#endif
-
-static const char *
-expand_one_file(FILE *f, const char *cell)
-{
-    static char buf[1024];
-    char *p;
-
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if(buf[0] == '>') {
-	    for(p = buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++)
-		;
-	    *p = '\0';
-	    if(strncmp(buf + 1, cell, strlen(cell)) == 0)
-		return buf + 1;
-	}
-	buf[0] = '\0';
-    }
-    return NULL;
-}
-
-static const char *
-expand_cell_name(const char *cell)
-{
-    FILE *f;
-    const char *c;
-    const char **fn, *fns[] = { _PATH_CELLSERVDB,
-				_PATH_ARLA_CELLSERVDB,
-				_PATH_OPENAFS_DEBIAN_CELLSERVDB,
-				_PATH_ARLA_DEBIAN_CELLSERVDB,
-				NULL };
-    for(fn = fns; *fn; fn++) {
-	f = fopen(*fn, "r");
-	if(f == NULL)
-	    continue;
-	c = expand_one_file(f, cell);
-	fclose(f);
-	if(c)
-	    return c;
-    }
-    return NULL;
-}
-
-static void
-usage(int ecode)
-{
-    arg_printusage(args, num_args, NULL, "[cell|path]...");
-    exit(ecode);
-}
-
-struct cell_list {
-    char *cell;
-    struct cell_list *next;
-} *cell_list;
-
-static int
-afslog_cell(const char *cell, int expand)
-{
-    struct cell_list *p, **q;
-    const char *c = cell;
-    if(expand){
-	c = expand_cell_name(cell);
-	if(c == NULL){
-	    warnx("No cell matching \"%s\" found.", cell);
-	    return -1;
-	}
-	if(verbose && strcmp(c, cell) != 0)
-	    warnx("Cell \"%s\" expanded to \"%s\"", cell, c);
-    }
-    /* add to list of cells to get tokens for, and also remove
-       duplicates; the actual afslog takes place later */
-    for(p = cell_list, q = &cell_list; p; q = &p->next, p = p->next)
-	if(strcmp(p->cell, c) == 0)
-	    return 0;
-    p = malloc(sizeof(*p));
-    if(p == NULL)
-	return -1;
-    p->cell = strdup(c);
-    if(p->cell == NULL) {
-	free(p);
-	return -1;
-    }
-    p->next = NULL;
-    *q = p;
-    return 0;
-}
-
-static int
-afslog_file(const char *path)
-{
-    char cell[64];
-    if(k_afs_cell_of_file(path, cell, sizeof(cell))){
-	warnx("No cell found for file \"%s\".", path);
-	return -1;
-    }
-    if(verbose)
-	warnx("File \"%s\" lives in cell \"%s\"", path, cell);
-    return afslog_cell(cell, 0);
-}
-
-static int
-do_afslog(const char *cell)
-{
-    int k5ret;
-
-    k5ret = 0;
-
-#ifdef KRB5
-    if(context != NULL && id != NULL && use_krb5) {
-	k5ret = krb5_afslog(context, id, cell, realm);
-	if(k5ret == 0)
-	    return 0;
-    }
-#endif
-    if (cell == NULL)
-	cell = "<default cell>";
-#ifdef KRB5
-    if (k5ret)
-	krb5_warn(context, k5ret, "krb5_afslog(%s)", cell);
-#endif
-    if (k5ret)
-	return 1;
-    return 0;
-}
-
-static void
-log_func(void *ctx, const char *str)
-{
-    fprintf(stderr, "%s\n", str);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    int i;
-    int num;
-    int ret = 0;
-    int failed = 0;
-    struct cell_list *p;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(!k_hasafs())
-	errx(1, "AFS does not seem to be present on this machine");
-
-    if(unlog_flag){
-	k_unlog();
-	exit(0);
-    }
-#ifdef KRB5
-    ret = krb5_init_context(&context);
-    if (ret) {
-	context = NULL;
-    } else {
-	if (client_string) {
-	    krb5_principal client;
-
-	    ret = krb5_parse_name(context, client_string, &client);
-	    if (ret == 0)
-		ret = krb5_cc_cache_match(context, client, &id);
-	    if (ret)
-		id = NULL;
-	}
-	if (id == NULL && cache_string) {
-	    if(krb5_cc_resolve(context, cache_string, &id) != 0) {
-		krb5_warnx(context, "failed to open kerberos 5 cache '%s'",
-			   cache_string);
-		id = NULL;
-	    }
-	}
-	if (id == NULL)
-	    if(krb5_cc_default(context, &id) != 0)
-		id = NULL;
-    }
-#endif
-
-    if (verbose)
-	kafs_set_verbose(log_func, NULL);
-
-    num = 0;
-    for(i = 0; i < files.num_strings; i++){
-	afslog_file(files.strings[i]);
-	num++;
-    }
-    free_getarg_strings (&files);
-    for(i = 0; i < cells.num_strings; i++){
-	afslog_cell(cells.strings[i], 1);
-	num++;
-    }
-    free_getarg_strings (&cells);
-    for(i = optidx; i < argc; i++){
-	num++;
-	if(strcmp(argv[i], ".") == 0 ||
-	   strcmp(argv[i], "..") == 0 ||
-	   strchr(argv[i], '/') ||
-	   access(argv[i], F_OK) == 0)
-	    afslog_file(argv[i]);
-	else
-	    afslog_cell(argv[i], 1);
-    }
-    if(num == 0) {
-	if(do_afslog(NULL))
-	    failed++;
-    } else
-	for(p = cell_list; p; p = p->next) {
-	    if(verbose)
-		warnx("Getting tokens for cell \"%s\"", p->cell);
-	    if(do_afslog(p->cell))
-		failed++;
-    }
-
-    return failed;
-}

appl/afsutil/pagsh.1

@@ -1,94 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id$
-.\"
-.Dd February 12, 2005
-.Dt PAGSH 1
-.Os
-.Sh NAME
-.Nm pagsh
-.Nd creates a new credential cache sandbox
-.Sh SYNOPSIS
-.Nm
-.Op Fl c Ar command-string
-.Op Fl h | Fl Fl help
-.Op Fl Fl version
-.Op Fl Fl cache-type= Ns Ar string
-.Ar command [args...]
-.Sh DESCRIPTION
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar command-string
-Executes command(s) contained in
-.Ar command-string .
-.Xc
-.It Xo
-.Fl Fl cache-type= Ns Ar string
-.Xc
-.It Xo
-.Fl h ,
-.Fl Fl help
-.Xc
-.It Xo
-.Fl Fl version
-.Xc
-.El
-.Pp
-.Nm
-creates a new credential cache sandbox for the user to live in.
-If AFS is installed on the computer, the user is put in a newly
-created Process Authentication Group (PAG).
-.Pp
-For Kerberos 5, the credential cache type that is used is the same as
-the credential cache type that was used at the time of
-.Nm
-invocation.
-The credential cache type can be controlled by the option
-.Fl Fl cache-type .
-.Sh EXAMPLES
-Create a new sandbox where new credentials can be used, while the old
-credentials can be used by other processes.
-.Bd -literal -offset indent
-$ klist
-Credentials cache: FILE:/tmp/krb5cc_913
-        Principal: lha@E.KTH.SE
-
-  Issued           Expires          Principal
-Feb 12 10:08:31  Feb 12 20:06:36  krbtgt/E.KTH.SE@E.KTH.SE
-$ pagsh
-$ klist
-klist: No ticket file: /tmp/krb5cc_03014a
-.Ed
-.Sh SEE ALSO
-.Xr afslog 1 ,
-.Xr kinit 1

appl/afsutil/pagsh.c

@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id$");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <time.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#include <kafs.h>
-
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-
-static int help_flag;
-static int version_flag;
-static int c_flag;
-#ifdef KRB5
-static char *typename_arg;
-#endif
-
-struct getargs getargs[] = {
-    { NULL,	'c', arg_flag, &c_flag, NULL, NULL },
-#ifdef KRB5
-    { "cache-type", 0,  arg_string, &typename_arg, NULL, NULL },
-#endif
-    { "version", 0,  arg_flag, &version_flag, NULL, NULL },
-    { "help",	'h', arg_flag, &help_flag, NULL, NULL },
-};
-
-static int num_args = sizeof(getargs) / sizeof(getargs[0]);
-
-static void
-usage(int ecode)
-{
-    arg_printusage(getargs, num_args, NULL, "command [args...]");
-    exit(ecode);
-}
-
-/*
- * Run command with a new ticket file / credentials cache / token
- */
-
-int
-main(int argc, char **argv)
-{
-    int f;
-    char tf[1024];
-    char shellbuf[MAX_PATH];
-    char *p;
-
-    char *path;
-    char **args;
-    unsigned int i;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(getargs, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-	krb5_context context;
-	krb5_ccache id;
-	const char *name;
-
-	ret = krb5_init_context(&context);
-	if (ret) /* XXX should this really call exit ? */
-	    errx(1, "no kerberos 5 support");
-
-	ret = krb5_cc_new_unique(context, typename_arg, NULL, &id);
-	if (ret)
-	    krb5_err(context, 1, ret, "Failed generating credential cache");
-
-	name = krb5_cc_get_name(context, id);
-	if (name == NULL)
-	    krb5_errx(context, 1, "Generated credential cache have no name");
-
-	snprintf(tf, sizeof(tf), "%s:%s", krb5_cc_get_type(context, id), name);
-
-	ret = krb5_cc_close(context, id);
-	if (ret)
-	    krb5_err(context, 1, ret, "Failed closing credential cache");
-
-	krb5_free_context(context);
-
-	esetenv("KRB5CCNAME", tf, 1);
-    }
-#endif
-
-    snprintf (tf, sizeof(tf), "%s_XXXXXX", TKT_ROOT);
-    f = mkstemp (tf);
-    if (f < 0)
-	err(1, "mkstemp failed");
-    close (f);
-    unlink (tf);
-    esetenv("KRBTKFILE", tf, 1);
-
-    i = 0;
-
-    args = (char **) malloc((argc + 10)*sizeof(char *));
-    if (args == NULL)
-	errx (1, "Out of memory allocating %lu bytes",
-	      (unsigned long)((argc + 10)*sizeof(char *)));
-
-    if(*argv == NULL) {
-        if (roken_get_shell(shellbuf, sizeof(shellbuf)) != NULL)
-            path = strdup(shellbuf);
-        else
-            path = strdup("/bin/sh");
-    } else {
-	path = strdup(*argv++);
-    }
-    if (path == NULL)
-	errx (1, "Out of memory copying path");
-
-    p=strrchr(path, '/');
-    if(p)
-	args[i] = strdup(p+1);
-    else
-	args[i] = strdup(path);
-
-    if (args[i++] == NULL)
-	errx (1, "Out of memory copying arguments");
-
-    while(*argv)
-	args[i++] = *argv++;
-
-    args[i++] = NULL;
-
-    if(k_hasafs())
-	k_setpag();
-
-    unsetenv("PAGPID");
-    execvp(path, args);
-    if (errno == ENOENT || c_flag) {
-	char **sh_args = malloc ((i + 2) * sizeof(char *));
-	unsigned int j;
-
-	if (sh_args == NULL)
-	    errx (1, "Out of memory copying sh arguments");
-	for (j = 1; j < i; ++j)
-	    sh_args[j + 2] = args[j];
-	sh_args[0] = "sh";
-	sh_args[1] = "-c";
-	sh_args[2] = path;
-	execv ("/bin/sh", sh_args);
-    }
-    err (1, "execvp");
-}

appl/gssmask/common.c

@@ -95,3 +95,13 @@ permutate_all(struct getarg_strings *strings, size_t *size)
     free(list);
     return all;
 }
+
+void
+tcp_nodelay(rk_socket_t sock)
+{
+#ifdef HAVE_NETINET_TCP_H
+    int on = 1;
+
+    (void)setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
+#endif
+}

appl/gssmask/common.h

@@ -46,6 +46,10 @@
 #include <sys/wait.h>
 #endif
 
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
 #include <assert.h>
 #include <krb5.h>
 #include <gssapi/gssapi.h>
@@ -112,3 +116,5 @@ krb5_error_code store_string(krb5_storage *, const char *);
     } while(0)
 
 char *** permutate_all(struct getarg_strings *, size_t *);
+
+void tcp_nodelay(rk_socket_t);

appl/gssmask/gssmaestro.c

@@ -303,6 +303,7 @@ wait_log(struct client *c)
     sock2 = accept(sock, (struct sockaddr *)&sast, &salen);
     if (sock2 == rk_INVALID_SOCKET)
 	err(1, "failed to accept local socket for %s", c->moniker);
+    tcp_nodelay(sock2);
     rk_closesocket(sock);
 
     return sock2;
@@ -413,7 +414,8 @@ test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
     krb5_data msg, mic;
     int32_t val;
 
-    msg.data = "foo";
+    /* used read-only by get_mic, verify_mic */
+    msg.data = rk_UNCONST("foo");
     msg.length = 3;
 
     krb5_data_zero(&mic);
@@ -435,7 +437,8 @@ test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2,
     krb5_data msg, wrapped, out;
     int32_t val;
 
-    msg.data = "foo";
+    /* used read_only by encrypt_token */
+    msg.data = rk_UNCONST("foo");
     msg.length = 3;
 
     krb5_data_zero(&wrapped);
@@ -474,13 +477,16 @@ test_wrap_ext(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2,
     krb5_data header, msg, trailer, wrapped, out;
     int32_t val;
 
-    header.data = "header";
+    /* used read-only by wrap_token_ext, unwrap_token_ext */
+    header.data = rk_UNCONST("header");
     header.length = sizeof("header") - 1;
 
-    msg.data = "0123456789abcdef"; /* padded for most enctypes */
+    /* used read-only by wrap_token_ext */
+    msg.data = rk_UNCONST("0123456789abcdef"); /* padded for most enctypes */
     msg.length = sizeof("0123456789abcdef") - 1;
 
-    trailer.data = "trailer";
+    /* used read-only by wrap_token_ext, unwrap_token_ext */
+    trailer.data = rk_UNCONST("trailer");
     trailer.length = 7;
 
     krb5_data_zero(&wrapped);
@@ -633,6 +639,7 @@ connect_client(const char *slave)
 	sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
 	if (sock == rk_INVALID_SOCKET)
 	    continue;
+	tcp_nodelay(sock);
 	if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
 	    rk_closesocket(sock);
 	    sock = rk_INVALID_SOCKET;

appl/gssmask/gssmask.c

@@ -705,6 +705,7 @@ HandleOP(SetLoggingSocket)
     sock = socket(((struct sockaddr *)&c->sa)->sa_family, SOCK_STREAM, 0);
     if (sock == rk_INVALID_SOCKET)
 	return 0;
+    tcp_nodelay(sock);
 
     ret = connect(sock, (struct sockaddr *)&c->sa, c->salen);
     if (ret < 0) {
@@ -1180,6 +1181,9 @@ static int version_flag;
 static int help_flag;
 static char *logfile_str;
 static char *moniker_str;
+static int detach_flag;
+static int daemon_child_fd = -1;
+static char *pidfile_str;
 
 static int port = 4711;
 
@@ -1192,6 +1196,12 @@ struct getargs args[] = {
       "number-of-service" },
     { "moniker", 0,  arg_string,	&moniker_str,	"nickname",
       "name" },
+    { "detach", 0, arg_flag,		&detach_flag,	"detach from console",
+      NULL },
+    { "daemon-child", 0, arg_integer,	&daemon_child_fd, "private argument, do not use",
+      NULL },
+    { "pidfile", 0, arg_string,		&pidfile_str,	"write pid to file",
+      "file" },
     { "version", 0,  arg_flag,		&version_flag,	"Print version",
       NULL },
     { "help",	 0,  arg_flag,		&help_flag,	NULL,
@@ -1213,6 +1223,11 @@ main(int argc, char **argv)
 {
     int optidx	= 0;
     krb5_error_code ret;
+    struct addrinfo *ai, hints;
+    char portstr[NI_MAXSERV];
+    rk_socket_t *fds;
+    int num_fds;
+    int error;
 
     setprogname (argv[0]);
 
@@ -1238,6 +1253,9 @@ main(int argc, char **argv)
 	    errx (1, "Bad port `%s'", port_str);
     }
 
+    if (detach_flag && daemon_child_fd == -1)
+	daemon_child_fd = roken_detach_prep(argc, argv, "--daemon-child");
+
     ret = krb5_init_context(&context);
     if (ret)
 	errx(1, "Error initializing kerberos: %d", ret);
@@ -1252,12 +1270,32 @@ main(int argc, char **argv)
 	    err(1, "error opening %s", lf);
     }
 
-    mini_inetd(htons(port), NULL);
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_flags    = AI_PASSIVE;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_family   = PF_UNSPEC;
+
+    snprintf(portstr, sizeof(portstr), "%d", port);
+
+    error = getaddrinfo(NULL, portstr, &hints, &ai);
+    if (error)
+	errx(1, "getaddrinfo: %s", gai_strerror(error));
+
+    mini_inetd_addrinfo_listen(ai, &fds, &num_fds);
+    freeaddrinfo(ai);
+
+    if (pidfile_str)
+	rk_pidfile(pidfile_str);
+
+    roken_detach_finish(NULL, daemon_child_fd);
+
+    mini_inetd_accept(fds, num_fds, NULL);
     fprintf(logfile, "connected\n");
 
     {
 	struct client *c;
 
+	tcp_nodelay(0);
 	c = create_client(0, port, moniker_str);
 	/* close(0); */
 

appl/kf/Makefile.am

@@ -13,7 +13,6 @@ kf_SOURCES = kf.c kf_locl.h
 kfd_SOURCES = kfd.c kf_locl.h
 
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 

appl/kf/kf.c

@@ -184,7 +184,7 @@ proto (int sock, const char *hostname, const char *svc,
     if (ccache_name == NULL)
 	ccache_name = "";
 
-    data_send.data   = (void *)remote_name;
+    data_send.data   = rk_UNCONST(remote_name);
     data_send.length = strlen(remote_name) + 1;
     status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
     if (status) {
@@ -192,7 +192,7 @@ proto (int sock, const char *hostname, const char *svc,
 	krb5_warn (context, status, "krb5_write_message");
 	return 1;
     }
-    data_send.data   = (void *)ccache_name;
+    data_send.data   = rk_UNCONST(ccache_name);
     data_send.length = strlen(ccache_name)+1;
     status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
     if (status) {

appl/kf/kfd.c

@@ -39,10 +39,10 @@ char krb5_tkfile[MAXPATHLEN];
 
 static int help_flag;
 static int version_flag;
-static char *port_str;
-char *service = KF_SERVICE;
+static const char *port_str;
+const char *service = KF_SERVICE;
 int do_inetd = 0;
-static char *regpag_str=NULL;
+static const char *regpag_str = NULL;
 
 static struct getargs args[] = {
     { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
@@ -176,9 +176,12 @@ proto (int sock, const char *svc)
 	krb5_err(context, 1, status, "krb5_unparse_name");
 
     if(protocol_version == 0) {
-	data.data = "old clnt"; /* XXX old clients only had room for
-                                   10 bytes of message, and also
-                                   didn't show it to the user */
+	/*
+	 * XXX old clients only had room for 10 bytes of message, and
+	 * also didn't show it to the user
+	 */
+	/* used read-only by krb5_write_message */
+	data.data = rk_UNCONST("old clnt");
 	data.length = strlen(data.data) + 1;
 	krb5_write_message(context, &sock, &data);
 	sleep(2); /* XXX give client time to finish */

appl/otp/ChangeLog

@@ -1,58 +0,0 @@
-2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-	
-2005-05-29  Love Hörquist Åstrand  <lha@it.su.se>
-
-	* Makefile.am: add LIB_roken as a explit dependency
-	
-2003-09-03  Love Hörquist Åstrand <lha@it.su.se>
-
-	* otpprint.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* otp.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-2003-02-25  Love Hörquist Åstrand <lha@it.su.se>
-
-	* otp.c: remove \n from errx, from NetBSD
-	
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* otpprint.1: sort parameters and close a list
-
-	* otp.1: sort parameters and close a list
-
-1999-09-14  Assar Westerlund  <assar@sics.se>
-
-	* otp.c (verify_user_otp): check return value from
- 	des_read_pw_string
-
-Thu Apr  1 16:51:07 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* otpprint.c: use getarg
-
-	* otp.c: use getarg
-
-Thu Mar 18 12:08:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar  4 19:45:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: DESTDIR
-
-Sat Feb 27 19:44:25 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add
-
-Sun Nov 22 10:32:50 1998  Assar Westerlund  <assar@sics.se>
-
-	* otpprint.c: more braces
-
-	* Makefile.in (WFLAGS): set
-
-Sun Dec 21 09:31:30 1997  Assar Westerlund  <assar@sics.se>
-
-	* otp.c (renew): don't set the OTP if the reading of the string
- 	fails.
-

appl/otp/Makefile.am

@@ -1,15 +0,0 @@
-# $Id$
-
-include $(top_srcdir)/Makefile.am.common
-
-bin_PROGRAMS = otp otpprint
-bin_SUIDS = otp
-otp_SOURCES = otp.c otp_locl.h
-otp_LDADD  = $(LIB_hcrypto) $(LIB_roken) $(top_builddir)/lib/otp/libotp.la
-otpprint_SOURCES = otpprint.c otp_locl.h
-
-otpprint_LDADD  = $(LIB_hcrypto) $(LIB_roken) $(top_builddir)/lib/otp/libotp.la
-
-man_MANS = otp.1  otpprint.1
-
-EXTRA_DIST = NTMakefile $(man_MANS)

appl/otp/NTMakefile

@@ -1,35 +0,0 @@
-########################################################################
-#
-# Copyright (c) 2009, Secure Endpoints Inc.
-# All rights reserved.
-# 
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 
-# - Redistributions of source code must retain the above copyright
-#   notice, this list of conditions and the following disclaimer.
-# 
-# - Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in
-#   the documentation and/or other materials provided with the
-#   distribution.
-# 
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# 
-
-RELDIR=appl\otp 
-
-!include ../../windows/NTMakefile.w32 
-

appl/otp/otp.1

@@ -1,90 +0,0 @@
-.\" Copyright (c) 1996, 2000 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id$
-.\"
-.Dd November 17, 1996
-.Dt OTP 1
-.Os KTH-KRB
-.Sh NAME
-.Nm otp
-.Nd manages one-time passwords
-.Sh SYNOPSIS
-.Nm otp
-.Op Fl dhlor
-.Op Fl f Ar algorithm
-.Op Fl u Ar user
-.Ar sequence-number
-.Ar seed
-.Sh DESCRIPTION
-The
-.Nm
-program initializes and updates your current series of one-time
-passwords (OTPs).
-.Pp
-Use this to set a new series of one-time passwords.  Only perform this
-on the console or over an encrypted link as you will have to supply
-your pass-phrase.  The other two parameters are
-.Ar sequence-number
-and
-.Ar seed .
-.Pp
-Options are:
-.Bl -tag -width Ds
-.It Fl d
-To delete a one-time password.
-.It Fl f
-Choose a different
-.Ar algorithm
-from the default md5.  Pick any of: md4, md5, and sha.
-.It Fl h
-For getting a help message.
-.It Fl l
-List the current table of one-time passwords.
-.It Fl o
-To open (unlock) the otp-entry for a user.
-.It Fl r
-To renew a one-time password series.  This operation can be performed
-over an potentially eavesdropped link because you do not supply the
-pass-phrase.  First you need to supply the current one-time password
-and then the new one corresponding to the supplied
-.Ar sequence-number
-and
-.Ar seed .
-.It Fl u
-To choose a different
-.Ar user
-to set one-time passwords for.  This only works when running
-.Nm
-as root.
-.El
-.Sh SEE ALSO
-.Xr otpprint 1

appl/otp/otp.c

@@ -1,371 +0,0 @@
-/*
- * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "otp_locl.h"
-#include <getarg.h>
-
-RCSID("$Id$");
-
-static int listp;
-static int deletep;
-static int openp;
-static int renewp;
-static char* alg_string;
-static char *user;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "list", 'l', arg_flag, &listp, "list OTP status", NULL },
-    { "delete", 'd', arg_flag, &deletep, "delete OTP", NULL },
-    { "open", 'o', arg_flag, &openp, "open a locked OTP", NULL },
-    { "renew", 'r', arg_flag, &renewp, "securely renew OTP", NULL },
-    { "hash", 'f', arg_string, &alg_string,
-      "hash algorithm (md4, md5, or sha)", "algorithm"},
-    { "user", 'u', arg_string, &user,
-      "user other than current user (root only)", "user" },
-    { "version", 0, arg_flag, &version_flag, NULL, NULL },
-    { "help", 'h', arg_flag, &help_flag, NULL, NULL }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "[num seed]");
-    exit(code);
-}
-
-/*
- * Renew the OTP for a user.
- * The pass-phrase is not required (RFC 1938/8.0)
- */
-
-static int
-renew (int argc, char **argv, OtpAlgorithm *alg, char *inuser)
-{
-    OtpContext newctx, *ctx;
-    char prompt[128];
-    char pw[64];
-    void *dbm;
-    int ret;
-
-    newctx.alg = alg;
-    newctx.user = inuser;
-    newctx.n = atoi (argv[0]);
-    strlcpy (newctx.seed, argv[1], sizeof(newctx.seed));
-    strlwr(newctx.seed);
-    snprintf (prompt, sizeof(prompt),
-	      "[ otp-%s %u %s ]",
-	      newctx.alg->name,
-	      newctx.n,
-	      newctx.seed);
-    if (UI_UTIL_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
-	otp_parse (newctx.key, pw, alg) == 0) {
-	ctx = &newctx;
-	ret = 0;
-    } else
-	return 1;
-
-    dbm = otp_db_open ();
-    if (dbm == NULL) {
-	warnx ("otp_db_open failed");
-	return 1;
-    }
-    otp_put (dbm, ctx);
-    otp_db_close (dbm);
-    return ret;
-}
-
-/*
- * Return 0 if the user could enter the next OTP.
- * I would rather have returned !=0 but it's shell-like here around.
- */
-
-static int
-verify_user_otp(char *username)
-{
-    OtpContext ctx;
-    char passwd[OTP_MAX_PASSPHRASE + 1];
-    char ss[256];
-    char *prompt = NULL;
-
-    if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
-	warnx("no otp challenge found for %s", username);
-	return 1;
-    }
-
-    if (asprintf(&prompt, "%s's %s Password: ", username, ss) == -1 ||
-        prompt == NULL)
-        err(1, "out of memory");
-    if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)) {
-        free(prompt);
-	return 1;
-    }
-    free(prompt);
-    return otp_verify_user (&ctx, passwd);
-}
-
-/*
- * Set the OTP for a user
- */
-
-static int
-set (int argc, char **argv, OtpAlgorithm *alg, char *inuser)
-{
-    void *db;
-    OtpContext ctx;
-    char pw[OTP_MAX_PASSPHRASE + 1];
-    int ret;
-    int i;
-
-    ctx.alg = alg;
-    ctx.user = strdup (inuser);
-    if (ctx.user == NULL)
-	err (1, "out of memory");
-
-    ctx.n = atoi (argv[0]);
-    strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
-    strlwr(ctx.seed);
-    do {
-	if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ",
-	    UI_UTIL_FLAG_VERIFY))
-	    return 1;
-	if (strlen (pw) < OTP_MIN_PASSPHRASE)
-	    printf ("Too short pass-phrase.  Use at least %d characters\n",
-		    OTP_MIN_PASSPHRASE);
-    } while(strlen(pw) < OTP_MIN_PASSPHRASE);
-    ctx.alg->init (ctx.key, pw, ctx.seed);
-    for (i = 0; i < ctx.n; ++i)
-	ctx.alg->next (ctx.key);
-    db = otp_db_open ();
-    if(db == NULL) {
-	free (ctx.user);
-	err (1, "otp_db_open failed");
-    }
-    ret = otp_put (db, &ctx);
-    otp_db_close (db);
-    free (ctx.user);
-    return ret;
-}
-
-/*
- * Delete otp of user from the database
- */
-
-static int
-delete_otp (int argc, char **argv, char *inuser)
-{
-    void *db;
-    OtpContext ctx;
-    int ret;
-
-    db = otp_db_open ();
-    if(db == NULL)
-	errx (1, "otp_db_open failed");
-
-    ctx.user = inuser;
-    ret = otp_delete(db, &ctx);
-    otp_db_close (db);
-    return ret;
-}
-
-/*
- * Tell whether the user has an otp
- */
-
-static int
-has_an_otp(char *inuser)
-{
-    void *db;
-    OtpContext ctx;
-    int ret;
-
-    db = otp_db_open ();
-    if(db == NULL) {
-	warnx ("otp_db_open failed");
-	return 0; /* if no db no otp! */
-    }
-
-    ctx.user = inuser;
-    ret = otp_simple_get(db, &ctx);
-
-    otp_db_close (db);
-    return !ret;
-}
-
-/*
- * Get and print out the otp entry for some user
- */
-
-static void
-print_otp_entry_for_name (void *db, char *inuser)
-{
-    OtpContext ctx;
-
-    ctx.user = inuser;
-    if (!otp_simple_get(db, &ctx)) {
-	fprintf(stdout,
-		"%s\totp-%s %d %s",
-		ctx.user, ctx.alg->name, ctx.n, ctx.seed);
-	if (ctx.lock_time)
-	    fprintf(stdout,
-		    "\tlocked since %s",
-		    ctime(&ctx.lock_time));
-	else
-	    fprintf(stdout, "\n");
-    }
-}
-
-static int
-open_otp (int argc, char **argv, char *inuser)
-{
-    void *db;
-    OtpContext ctx;
-    int ret;
-
-    db = otp_db_open ();
-    if (db == NULL)
-	errx (1, "otp_db_open failed");
-
-    ctx.user = inuser;
-    ret = otp_simple_get (db, &ctx);
-    if (ret == 0)
-	ret = otp_put (db, &ctx);
-    otp_db_close (db);
-    return ret;
-}
-
-/*
- * Print otp entries for one or all users
- */
-
-static int
-list_otps (int argc, char **argv, char *inuser)
-{
-    void *db;
-    struct passwd *pw;
-
-    db = otp_db_open ();
-    if(db == NULL)
-	errx (1, "otp_db_open failed");
-
-    if (inuser)
-	print_otp_entry_for_name(db, inuser);
-    else
-	/* scans all users... so as to get a deterministic order */
-	while ((pw = getpwent()))
-	    print_otp_entry_for_name(db, pw->pw_name);
-
-    otp_db_close (db);
-    return 0;
-}
-
-int
-main (int argc, char **argv)
-{
-    int defaultp = 0;
-    int uid = getuid();
-    OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
-    int optidx = 0;
-    char userbuf[128];
-
-    setprogname (argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(deletep && uid != 0)
-	errx (1, "Only root can delete OTPs");
-    if(alg_string) {
-	alg = otp_find_alg (alg_string);
-	if (alg == NULL)
-	    errx (1, "Unknown algorithm: %s", alg_string);
-    }
-    if (user && uid != 0)
-	errx (1, "Only root can use `-u'");
-    argc -= optidx;
-    argv += optidx;
-
-    if (!(listp || deletep || renewp || openp))
-	defaultp = 1;
-
-    if ( listp + deletep + renewp + defaultp + openp != 1)
-	usage(1); /* one of -d or -l or -r or none */
-
-    if(deletep || openp || listp) {
-	if(argc != 0)
-	    errx(1, "delete, open, and list requires no arguments");
-    } else {
-	if(argc != 2)
-	    errx(1, "setup, and renew requires `num', and `seed'");
-    }
-    if (listp)
-	return list_otps (argc, argv, user);
-
-    if (user == NULL) {
-        user = roken_get_username(userbuf, sizeof(userbuf));
-        if (user == NULL)
-	    err (1, "You don't exist");
-    }
-
-    /*
-     * users other that root must provide the next OTP to update the sequence.
-     * it avoids someone to use a pending session to change an OTP sequence.
-     * see RFC 1938/8.0.
-     */
-    if (uid != 0 && (defaultp || renewp)) {
-	if (!has_an_otp(user)) {
-	    errx (1, "Only root can set an initial OTP");
-	} else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
-	    if (verify_user_otp(user) != 0) {
-		errx (1, "User authentication failed");
-	    }
-	}
-    }
-
-    if (deletep)
-	return delete_otp (argc, argv, user);
-    else if (renewp)
-	return renew (argc, argv, alg, user);
-    else if (openp)
-	return open_otp (argc, argv, user);
-    else
-	return set (argc, argv, alg, user);
-}

appl/otp/otp_locl.h

@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id$ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <roken.h>
-#include <err.h>
-#include "crypto-headers.h" /* for des_read_pw_string */
-#include <otp.h>

appl/otp/otpprint.1

@@ -1,82 +0,0 @@
-.\" Copyright (c) 1996, 2000 - 2001 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id$
-.\"
-.Dd November 17, 1996
-.Dt OTP 1
-.Os KTH-KRB
-.Sh NAME
-.Nm otpprint
-.Nd print lists of one-time passwords
-.Sh SYNOPSIS
-.Nm otp
-.Op Fl n Ar count
-.Op Fl e
-.Op Fl h
-.Op Fl f Ar algorithm
-.Ar sequence-number
-.Ar seed
-.Sh DESCRIPTION
-The
-.Nm
-program prints lists of OTPs.
-.Pp
-Use this to print out a series of one-time passwords.  You will have
-to supply the
-.Ar sequence number
-and the
-.Ar seed
-as arguments and then the program will prompt you for your pass-phrase.
-.Pp
-There are several different print formats.  The default is to print
-each password with six short english words.
-.Pp
-Options are:
-.Bl -tag -width Ds
-.It Fl e
-Print the passwords in ``extended'' format.  In this format a prefix
-that says ``hex:'' or ``word:'' is included.
-.It Fl f
-To choose a different
-.Ar algorithm
-from the default md5.  Pick any of: md4, md5, and sha.
-.It Fl h
-Print the passwords in hex.
-.It Fl n
-Print
-.Ar count
-one-time passwords, starting at
-.Ar sequence-number
-and going backwards. The default is 10.
-.El
-.Sh SEE ALSO
-.Xr otp 1

appl/otp/otpprint.c

@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "otp_locl.h"
-#include <getarg.h>
-
-RCSID("$Id$");
-
-static int extendedp;
-static int count = 10;
-static int hexp;
-static char* alg_string;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "extended", 'e', arg_flag, &extendedp, "print keys in extended format",
-      NULL },
-    { "count", 'n', arg_integer, &count, "number of keys to print", NULL },
-    { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal", NULL },
-    { "hash", 'f', arg_string, &alg_string,
-      "hash algorithm (md4, md5, or sha)", "algorithm"},
-    { "version", 0, arg_flag, &version_flag, NULL, NULL },
-    { "help", 0, arg_flag, &help_flag, NULL, NULL }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "num seed");
-    exit(code);
-}
-
-static int
-print (int argc,
-       char **argv,
-       int incount,
-       OtpAlgorithm *alg,
-       void (*print_fn)(OtpKey, char *, size_t))
-{
-  char pw[64];
-  OtpKey key;
-  int n;
-  int i;
-  char *seed;
-
-  if (argc != 2)
-      usage (1);
-  n = atoi(argv[0]);
-  seed = argv[1];
-  if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
-    return 1;
-  alg->init (key, pw, seed);
-  for (i = 0; i < n; ++i) {
-    char s[64];
-
-    alg->next (key);
-    if (i >= n - incount) {
-      (*print_fn)(key, s, sizeof(s));
-      printf ("%d: %s\n", i + 1, s);
-    }
-  }
-  return 0;
-}
-
-int
-main (int argc, char **argv)
-{
-    int optidx = 0;
-    void (*fn)(OtpKey, char *, size_t);
-    OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
-
-    setprogname (argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(alg_string) {
-	alg = otp_find_alg (alg_string);
-	if (alg == NULL)
-	    errx(1, "Unknown algorithm: %s", alg_string);
-    }
-    argc -= optidx;
-    argv += optidx;
-
-    if (hexp) {
-	if (extendedp)
-	    fn = otp_print_hex_extended;
-	else
-	    fn = otp_print_hex;
-    } else {
-	if (extendedp)
-	    fn = otp_print_stddict_extended;
-	else
-	    fn = otp_print_stddict;
-    }
-
-    return print (argc, argv, count, alg, fn);
-}

appl/test/Makefile.am

@@ -4,6 +4,8 @@ include $(top_srcdir)/Makefile.am.common
 
 WFLAGS += $(WFLAGS_LITE)
 
+AUTOMAKE_OPTIONS = subdir-objects
+
 noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
 	uu_server uu_client nt_gss_server nt_gss_client http_client \
 	kinit_auditdns
@@ -52,14 +54,11 @@ kinit_auditdns_LDADD = \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/gssapi/libgssapi.la \
 	$(top_builddir)/lib/gss_preauth/libgss_preauth.la \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_libintl) \
 	$(LIB_roken)
 
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 

appl/test/common.c

@@ -36,10 +36,10 @@
 static int help_flag;
 static int version_flag;
 static char *port_str;
-char *keytab_str;
+const char *keytab_str;
 krb5_keytab keytab;
-char *service = SERVICE;
-char *mech = "krb5";
+const char *service = SERVICE;
+const char *mech = "krb5";
 int fork_flag;
 char *password = NULL;
 

appl/test/gssapi_client.c

@@ -50,7 +50,7 @@ do_trans (int sock, gss_ctx_id_t context_hdl)
     /* get_mic */
 
     input_token->length = 3;
-    input_token->value  = strdup("hej");
+    input_token->value  = rk_UNCONST("hej");
 
     maj_stat = gss_get_mic(&min_stat,
 			   context_hdl,
@@ -84,7 +84,7 @@ do_trans (int sock, gss_ctx_id_t context_hdl)
     /* wrap */
 
     input_token->length = 7;
-    input_token->value  = "hemligt";
+    input_token->value  = rk_UNCONST("hemligt");
 
     maj_stat = gss_wrap (&min_stat,
 			 context_hdl,

appl/test/gssapi_server.c

@@ -149,7 +149,8 @@ process_it(int sock,
     gss_release_buffer (&min_stat, input_token);
     gss_release_buffer (&min_stat, output_token);
 
-    input_token->value = "hejhej";
+    /* used read-only by gss_wrap */
+    input_token->value = rk_UNCONST("hejhej");
     input_token->length = 6;
 
     maj_stat = gss_wrap (&min_stat,
@@ -190,7 +191,8 @@ proto (int sock, const char *service)
     u_char init_buf[4];
     u_char acct_buf[4];
     gss_OID mech_oid;
-    char *mech, *p;
+    const char *mech;
+    char *p;
 
     memset(&remote, 0, sizeof(remote));
     local = remote;

appl/test/http_client.c

@@ -85,13 +85,13 @@ fdprintf(int s, const char *fmt, ...)
     size_t len;
     ssize_t ret;
     va_list ap;
-    char *str, *buf;
+    char *str = NULL, *buf;
 
     va_start(ap, fmt);
-    vasprintf(&str, fmt, ap);
+    ret = vasprintf(&str, fmt, ap);
     va_end(ap);
 
-    if (str == NULL)
+    if (ret == -1 || str == NULL)
 	errx(1, "vasprintf");
 
     buf = str;
@@ -113,8 +113,8 @@ static int version_flag;
 static int verbose_flag;
 static int mutual_flag = 1;
 static int delegate_flag;
-static char *port_str = "http";
-static char *gss_service = "HTTP";
+static const char *port_str = "http";
+static const char *gss_service = "HTTP";
 
 static struct getargs http_args[] = {
     { "verbose", 'v', arg_flag, &verbose_flag, "verbose logging", NULL },
@@ -372,8 +372,11 @@ main(int argc, char **argv)
 		    printf("Negotiate found\n");
 
 		if (server == GSS_C_NO_NAME) {
-		    char *name;
-		    asprintf(&name, "%s@%s", gss_service, host);
+		    char *name = NULL;
+
+		    if (asprintf(&name, "%s@%s", gss_service, host) == -1 ||
+                        name == NULL)
+                        err(1, "asprintf");
 		    input_token.length = strlen(name);
 		    input_token.value = name;
 
@@ -483,8 +486,11 @@ main(int argc, char **argv)
 				     output_token.length,
 				     &neg_token);
 
-		    asprintf(&headers[num_headers++], "Authorization: Negotiate %s",
-			     neg_token);
+		    if (asprintf(&headers[num_headers],
+                                 "Authorization: Negotiate %s", neg_token) == -1 ||
+                        headers[num_headers] == NULL)
+                        err(1, "asprintf");
+                    num_headers++;
 
 		    free(neg_token);
 		    gss_release_buffer(&min_stat, &output_token);

appl/test/nt_gss_client.c

@@ -140,7 +140,8 @@ proto (int sock, const char *hostname, const char *service)
     /* wrap */
 
     input_token->length = 7;
-    input_token->value  = "hemligt";
+    /* used read-only by gss_wrap */
+    input_token->value  = rk_UNCONST("hemligt");
 
 
     maj_stat = gss_wrap (&min_stat,

appl/test/nt_gss_server.c

@@ -50,8 +50,8 @@ RCSID("$Id$");
 static int help_flag;
 static int version_flag;
 static char *port_str;
-char *service = SERVICE;
-static char *auth_file;
+const char *service = SERVICE;
+static const char *auth_file;
 
 static struct getargs args[] = {
     { "port", 'p', arg_string, &port_str, "port to listen to", "port" },

appl/test/tcp_client.c

@@ -80,7 +80,8 @@ proto (int sock, const char *hostname, const char *service)
     if (status)
 	krb5_err (context, 1, status, "krb5_sendauth");
 
-    data.data   = "hej";
+    /* used read-only by krb5_mk_safe */
+    data.data   = rk_UNCONST("hej");
     data.length = 3;
 
     krb5_data_zero (&packet);
@@ -101,7 +102,7 @@ proto (int sock, const char *hostname, const char *service)
     if (krb5_net_write (context, &sock, packet.data, len) != len)
 	err (1, "krb5_net_write");
 
-    data.data   = "hemligt";
+    data.data   = rk_UNCONST("hemligt");
     data.length = 7;
 
     krb5_data_free (&packet);

appl/test/test_locl.h

@@ -78,9 +78,9 @@
 
 #define PORT "test"
 
-extern char *service;
-extern char *mech;
-extern char *keytab_str;
+extern const char *service;
+extern const char *mech;
+extern const char *keytab_str;
 extern krb5_keytab keytab;
 extern int fork_flag;
 int server_setup(krb5_context*, int, char**);

appl/test/uu_client.c

@@ -148,7 +148,8 @@ proto (int sock, const char *hostname, const char *service)
 	}
     }
 
-    data.data   = "hej";
+    /* used read-only by krb5_mk_safe */
+    data.data   = rk_UNCONST("hej");
     data.length = 3;
 
     krb5_data_zero (&packet);
@@ -165,7 +166,8 @@ proto (int sock, const char *hostname, const char *service)
     if(status)
 	krb5_err(context, 1, status, "krb5_write_message");
 
-    data.data   = "hemligt";
+    /* used read-only by krb5_mk_priv */
+    data.data   = rk_UNCONST("hemligt");
     data.length = 7;
 
     krb5_data_free (&packet);

appveyor.yml

@@ -1,85 +0,0 @@
-#
-# This file tells appveyor.com how to build Heimdal on Windows.
-# Appveyor is a continuous integration (CI) service for github and other
-# users, and is free for public repositories.
-#
-
-version: '1.0.{build}'
-
-image:
-  - Visual Studio 2019
-
-install:
-  # HACK -- pacman installation in Appveyor seems broken
-  # Taken from https://github.com/johnkerl/miller/blob/master/appveyor.yml
-  # (which is gone)
-  #- ps: dir 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Microsoft SDKs\Windows' -Recurse
-  - set "PATH=C:\msys64\usr\bin;%PATH%"
-  - set "PATH=C:\%MSYS2_DIR%\%MSYSTEM%\bin;C:\%MSYS2_DIR%\usr\bin;%PATH%"
-  - bash -lc "mkdir -p /var/lib/pacman/sync/"
-  - bash -lc "pacman-key --init"
-  - bash -lc "pacman-key --populate msys2"
-  - bash -lc "curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-1~20211228-1-any.pkg.tar.zst"
-  - bash -lc "curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-1~20211228-1-any.pkg.tar.zst.sig"
-  - bash -lc "pacman --noconfirm -U --config <(echo) msys2-keyring-1~20211228-1-any.pkg.tar.zst"
-  - bash -lc "mkdir -p /var/lib/pacman/sync/"
-  - bash -lc "pacman-key --init"
-  - bash -lc "pacman-key --populate msys2"
-  - bash -lc "pacman -S --noconfirm --refresh pacman"
-  - bash -lc "pacman -S --needed --noconfirm pacman-mirrors"
-  - bash -lc "pacman -S --needed --noconfirm mingw-w64-x86_64-toolchain autoconf automake libtool make patch mingw-w64-x86_64-libtool"
-  - bash -lc "pacman -S --needed --noconfirm bison flex"
-  - bash -lc "pacman -S --needed --noconfirm perl perl-JSON"
-
-build_script:
-  # build using Windows 10 SDK
-  - set "WINSDKVER=10.0.22000.0"
-  - call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvarsall.bat" amd64 %WINSDKVER%
-  - set "WIXDIR=c:\Program Files (x86)\Windows Installer XML v3.5"
-  # We're not doing any codesigning in the Appveyor build yet.
-  - SET "CODESIGN_PKT=0000000000000000"
-  - set "PATH=%PATH%;C:\Perl64\bin;C:\tools\cygwin\bin;C:\Program Files (x86)\HTML Help Workshop"
-  - set "PATH=%PATH%;C:/msys64/usr/bin"
-  - set "PATH=%PATH%;C:\program files (x86)\windows installer xml v3.5\bin;C:\cygwin\bin"
-  # double check this, should it be x86 or x64?
-  - set "PATH=%PATH%;%WindowsSdkVerBinPath%\x86"
-  - set "PATH=C:\Python310-x64;%PATH%"
-  - set dbg__type=Debug
-  - title Heimdal Build %CPU% %dbg__type%
-  - echo PATH=%PATH%
-  # target Windows 10 API
-  - set APPVER=10.0
-  # Newer texinfo has no .exe's, so we have to invoke it as
-  # "perl ...\makeinfo ...".  See doc/NTMakefile.
-  - nmake /f NTMakefile APPVEYOR=1 MAKEINFO=makeinfo NO_INSTALLERS=1
-  - 7z a heimdal.zip C:\projects\heimdal
-
-test_script:
-  # Packages are not validated in the Appveyor build, FYI.
-  - nmake /f NTMakefile APPVEYOR=1 MAKEINFO=makeinfo NO_INSTALLERS=1 test
-
-artifacts:
-  - path: heimdal-out.zip
-    name: heimdal-out
-  - path: heimdal.zip
-    name: heimdal
-
-on_failure:
-  - 7z a heimdal-out.zip C:\projects\heimdal
-  - appveyor PushArtifact heimdal-out.zip
-
-# To get RDP access to an appveyor worker for debugging a build, just
-# uncomment these next two lines and the last two lines too.
-#init:
-#  - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-
-# Uncomment this to allow the RDP session to continue after the build
-# finishes.
-#
-# There's a delete-me file on the desktop that one should delete when
-# one is done with the worker.  RDP sessions are capped at 60 minutes as
-# of this writing.
-#
-#on_finish:
-#  - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-

cf/Makefile.am.common

@@ -4,7 +4,7 @@ SUFFIXES = .et .h .pc.in .pc
 
 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include
 
-AM_CPPFLAGS = $(INCLUDES_roken)
+AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_openssl_crypto)
 
 if do_roken_rename
 ROKEN_RENAME = -DROKEN_RENAME
@@ -269,6 +269,11 @@ check-valgrind:
 	tsrcdir=`cd $(top_srcdir) && pwd` ; \
 	env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check
 
+check-helgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-helgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check
+
 #
 # Target to please samba build farm, builds distfiles in-tree.
 # Will break when automake changes...

cf/crypto.m4

@@ -6,11 +6,13 @@ dnl - own-built libhcrypto
 
 m4_define([test_headers], [
 		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_HCRYPTO_W_OPENSSL
 		#ifdef HAVE_SYS_TYPES_H
 		#include <sys/types.h>
 		#endif
 		#include <openssl/evp.h>
+		#include <openssl/provider.h>
+		#include <openssl/encoder.h>
+		#include <openssl/core_names.h>
 		#include <openssl/bn.h>
 		#include <openssl/md4.h>
 		#include <openssl/md5.h>
@@ -27,18 +29,6 @@ m4_define([test_headers], [
 		#include <openssl/rand.h>
 		#include <openssl/hmac.h>
 		#include <openssl/pkcs12.h>
-		#else
-		#include <hcrypto/evp.h>
-		#include <hcrypto/md4.h>
-		#include <hcrypto/md5.h>
-		#include <hcrypto/sha.h>
-		#include <hcrypto/des.h>
-		#include <hcrypto/rc4.h>
-		#include <hcrypto/aes.h>
-		#include <hcrypto/engine.h>
-		#include <hcrypto/hmac.h>
-		#include <hcrypto/pkcs12.h>
-		#endif
 		])
 m4_define([test_body], [
 		void *schedule = 0;
@@ -54,9 +44,7 @@ m4_define([test_body], [
 		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
 		UI_UTIL_read_pw_string(0,0,0,0);
 		RAND_status();
-		#ifdef HAVE_HCRYPTO_W_OPENSSL
 		EC_KEY_new();
-		#endif
 
 		OpenSSL_add_all_algorithms();
 		AES_encrypt(0,0,0);
@@ -65,25 +53,19 @@ m4_define([test_body], [
 
 AC_DEFUN([KRB_CRYPTO],[
 AC_ARG_WITH([hcrypto-default-backend],
-            AS_HELP_STRING([--with-hcrypto-default-backend=cc|pkcs11_hcrypto|ossl|w32crypto|hcrypto],
+            AS_HELP_STRING([--with-hcrypto-default-backend=ossl],
                            [specify the default hcrypto backend]),
             [
-            CFLAGS="${CFLAGS} -DHCRYPTO_DEF_PROVIDER=${withval}"
-            case "$withval" in
-            cc) AC_DEFINE(HCRYPTO_DEF_PROVIDER, [cc], [Define to one of cc, pkcs11, ossl, w32crypto, or hcrypto to set a default hcrypto provider]);;
-            pkcs11_hcrypto) AC_DEFINE(HCRYPTO_DEF_PROVIDER, [pkcs11_hcrypto], [Define to one of cc, pkcs11, ossl, w32crypto, or hcrypto to set a default hcrypto provider]);;
-            ossl) AC_DEFINE(HCRYPTO_DEF_PROVIDER, [ossl], [Define to one of cc, pkcs11, ossl, w32crypto, or hcrypto to set a default hcrypto provider]);;
-            w32crypto) AC_DEFINE(HCRYPTO_DEF_PROVIDER, [w32crypto], [Define to one of cc, pkcs11, ossl, w32crypto, or hcrypto to set a default hcrypto provider]);;
-            hcrypto) AC_DEFINE(HCRYPTO_DEF_PROVIDER, [hcrypto], [Define to one of cc, pkcs11, ossl, w32crypto, or hcrypto to set a default hcrypto provider]);;
-            *) echo "Invalid hcrypto provider name ($withval)"; exit 5;;
-            esac
-            ],
-            [])
+                if test "$with_val" != ossl -a "$withval" != ""; then
+                    AC_MSG_ERROR([hcrypto has been removed 0])
+                fi
+            ]
+            )
 AC_ARG_WITH([hcrypto-fallback],
             AS_HELP_STRING([--without-hcrypto-fallback],
                            [disable fallback on hcrypto for unavailable algorithms]),
-            [AC_DEFINE([HCRYPTO_FALLBACK],0,[Set to 1 to allow fallback to hcrypto for unavailable algorithms])],
-            [AC_DEFINE([HCRYPTO_FALLBACK],1,[Set to 1 to allow fallback to hcrypto for unavailable algorithms])])
+            [AC_MSG_ERROR([hcrypto has been removed 2])]
+            )
 AC_WITH_ALL([openssl])
 
 AC_MSG_CHECKING([for crypto library])
@@ -105,10 +87,40 @@ if test "$with_openssl" != "no"; then
 	fi
 	if test "$with_openssl_lib" != ""; then
 		LIB_openssl_crypto="-L${with_openssl_lib}"
-        elif test "${with_openssl}" != "/usr" -a -d "${with_openssl}/lib"; then
-                LIB_openssl_crypto="-L${with_openssl}/lib"
+		openssl_libdir="${with_openssl_lib}"
+	elif test "${with_openssl}" != "/usr"; then
+		dnl Detect lib vs lib64: prefer lib64 on 64-bit Linux if it exists
+		dnl and contains libcrypto, otherwise fall back to lib
+		openssl_libdir=""
+		if test -f "${with_openssl}/lib64/libcrypto.so" -o \
+		        -f "${with_openssl}/lib64/libcrypto.dylib"; then
+			openssl_libdir="${with_openssl}/lib64"
+		elif test -f "${with_openssl}/lib/libcrypto.so" -o \
+		          -f "${with_openssl}/lib/libcrypto.dylib"; then
+			openssl_libdir="${with_openssl}/lib"
+		elif test -d "${with_openssl}/lib64"; then
+			openssl_libdir="${with_openssl}/lib64"
+		elif test -d "${with_openssl}/lib"; then
+			openssl_libdir="${with_openssl}/lib"
+		fi
+		if test -n "$openssl_libdir"; then
+			LIB_openssl_crypto="-L${openssl_libdir}"
+		fi
 	fi
-	CFLAGS="-DHAVE_HCRYPTO_W_OPENSSL ${INCLUDE_openssl_crypto} ${CFLAGS}"
+	dnl Add rpath for non-system OpenSSL installations
+	if test -n "$openssl_libdir" -a "$openssl_libdir" != "/usr/lib" -a "$openssl_libdir" != "/usr/lib64"; then
+		case "$host_os" in
+		darwin*)
+			dnl macOS uses -rpath with @loader_path or absolute path
+			LIB_openssl_crypto="${LIB_openssl_crypto} -Wl,-rpath,${openssl_libdir}"
+			;;
+		*)
+			dnl Linux and other ELF systems
+			LIB_openssl_crypto="${LIB_openssl_crypto} -Wl,-rpath,${openssl_libdir}"
+			;;
+		esac
+	fi
+	CFLAGS="${INCLUDE_openssl_crypto} ${CFLAGS}"
         LDFLAGS="${LIB_openssl_crypto} ${LDFLAGS}"
         AC_CHECK_LIB([crypto], [OPENSSL_init],
                      [LIB_openssl_crypto="${LIB_openssl_crypto} -lcrypto"; openssl=yes], [openssl=no], [])
@@ -150,13 +162,6 @@ if test "$with_openssl" != "no"; then
         LDFLAGS="${saved_LDFLAGS}"
 fi
 
-LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la'
-LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a'
-LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so'
-LIB_hcrypto_appl="-lhcrypto"
-
-AC_MSG_RESULT([included libhcrypto])
-
 AC_ARG_WITH(pkcs11-module,
                        AS_HELP_STRING([--with-pkcs11-module=path],
                                       [use PKCS11 module in path]),
@@ -168,15 +173,77 @@ if test "$pkcs11_module" != ""; then
   openssl=no
 fi
 
+dnl Check for OpenSSL PKCS#11 provider (pkcs11-provider project)
+dnl It installs into the OpenSSL modules directory
+openssl_pkcs11_provider=""
 if test "$openssl" = "yes"; then
-  AC_DEFINE([HAVE_HCRYPTO_W_OPENSSL], 1, [define to use openssl's libcrypto as the default backend for libhcrypto])
+    if test -n "$openssl_libdir"; then
+        pkcs11_provider_path="${openssl_libdir}/ossl-modules/pkcs11.so"
+    else
+        pkcs11_provider_path="/usr/lib/ossl-modules/pkcs11.so"
+    fi
+    AC_MSG_CHECKING([for OpenSSL PKCS11 provider])
+    if test -f "$pkcs11_provider_path"; then
+        openssl_pkcs11_provider="$pkcs11_provider_path"
+        AC_MSG_RESULT([$openssl_pkcs11_provider])
+    else
+        AC_MSG_RESULT([not found at $pkcs11_provider_path])
+    fi
+fi
+AC_SUBST(OPENSSL_PKCS11_PROVIDER, [$openssl_pkcs11_provider])
+AM_CONDITIONAL([HAVE_OPENSSL_PKCS11_PROVIDER], [test "x$openssl_pkcs11_provider" != "x"])
+
+if test "$openssl" != "yes"; then
+    AC_MSG_ERROR([OpenSSL is required])
 fi
-AM_CONDITIONAL(HAVE_HCRYPTO_W_OPENSSL, test "$openssl" = yes)dnl
 
 AC_SUBST(INCLUDE_openssl_crypto)
 AC_SUBST(LIB_openssl_crypto)
-AC_SUBST(LIB_hcrypto)
-AC_SUBST(LIB_hcrypto_a)
-AC_SUBST(LIB_hcrypto_so)
-AC_SUBST(LIB_hcrypto_appl)
+
+dnl
+dnl Legacy/weak encryption type options
+dnl
+
+dnl Single DES (weak crypto) - disabled by default for security
+AC_ARG_WITH([1des],
+    AS_HELP_STRING([--with-1des], [enable single DES encryption (weak, for legacy compatibility)]),
+    [with_1des=$withval],
+    [with_1des=no])
+AC_MSG_CHECKING([whether to enable single DES encryption])
+if test "$with_1des" = "yes"; then
+    AC_DEFINE([HEIM_WEAK_CRYPTO], 1, [Define to enable single DES encryption support])
+    AC_MSG_RESULT([yes])
+else
+    AC_MSG_RESULT([no])
+fi
+AM_CONDITIONAL([HEIM_WEAK_CRYPTO], [test "$with_1des" = "yes"])
+
+dnl Triple DES - enabled by default for legacy compatibility
+AC_ARG_WITH([3des],
+    AS_HELP_STRING([--with-3des], [enable triple DES encryption (default: yes)]),
+    [with_3des=$withval],
+    [with_3des=yes])
+AC_MSG_CHECKING([whether to enable triple DES encryption])
+if test "$with_3des" = "yes"; then
+    AC_DEFINE([HEIM_DES3], 1, [Define to enable triple DES encryption support])
+    AC_MSG_RESULT([yes])
+else
+    AC_MSG_RESULT([no])
+fi
+AM_CONDITIONAL([HEIM_DES3], [test "$with_3des" = "yes"])
+
+dnl ARCFOUR/RC4 - enabled by default (still used by some Windows systems)
+AC_ARG_WITH([arcfour],
+    AS_HELP_STRING([--with-arcfour], [enable ARCFOUR/RC4 encryption (default: yes)]),
+    [with_arcfour=$withval],
+    [with_arcfour=yes])
+AC_MSG_CHECKING([whether to enable ARCFOUR encryption])
+if test "$with_arcfour" = "yes"; then
+    AC_DEFINE([HEIM_ARCFOUR], 1, [Define to enable ARCFOUR/RC4 encryption support])
+    AC_MSG_RESULT([yes])
+else
+    AC_MSG_RESULT([no])
+fi
+AM_CONDITIONAL([HEIM_ARCFOUR], [test "$with_arcfour" = "yes"])
+
 ])

cf/largefile.m4

@@ -7,10 +7,16 @@ AC_DEFUN([rk_SYS_LARGEFILE],[
 AC_REQUIRE([AC_SYS_LARGEFILE])dnl
 dnl need to set this on the command line, since it might otherwise break
 dnl with generated code, such as lex
-if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
-	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
-fi
-if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no && test -n "$ac_cv_sys_file_offset_bits"; then
-	CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
+if test "$enable_largefile" != no; then
+	if test -n "$ac_cv_sys_large_files" && test "$ac_cv_sys_large_files" != no; then
+		CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
+	fi
+	if test -n "$ac_cv_sys_file_offset_bits" && test "$ac_cv_sys_file_offset_bits" != no; then
+		CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
+	fi
+	if test -n "$ac_cv_sys_largefile_opts"; then
+		AS_CASE([$ac_cv_sys_largefile_opts],[-D_FILE_OFFSET_BITS=*|-D_LARGE_FILES=*],
+			[CPPFLAGS="$CPPFLAGS $ac_cv_sys_largefile_opts"])
+	fi
 fi
 ])

cf/maybe-helgrind.sh

@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+#    may be used to endorse or promote products derived from this software
+#    without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+
+while true
+do
+  case $1 in
+  -s) tsrcdir="$2"; shift 2;;
+  -o) tobjdir="$2"; shift 2;;
+  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+  *) break;;
+  esac
+done
+
+if [ X"${tobjdir}" = "X" -o X"${tsrcdir}" = X ] ; then
+    echo "tobjdir or tsrcdir not defined"
+    exit 1
+fi
+
+if [ ! -f "${tobjdir}/libtool" ]; then
+    echo "libtool missing from \"${tobjdir}\""
+    exit 1
+fi
+
+doit=1
+
+libtool="${tobjdir}/libtool --mode=execute"
+
+helgrind="valgrind --tool=helgrind --quiet -q --num-callers=30"
+
+# Add suppressions file if it exists
+if [ -f "${tsrcdir}/cf/helgrind-suppressions" ]; then
+    helgrind="$helgrind --suppressions=${tsrcdir}/cf/helgrind-suppressions"
+fi
+
+if head -10 "$1" | grep 'Generated by ltmain.sh' > /dev/null ; then
+    uselibtool=1
+elif head -10 "$1" | grep 'bin/sh' > /dev/null ; then
+    libtool=
+    helgrind=
+fi
+
+exec $libtool $helgrind "$@"

cf/maybe-valgrind.sh

@@ -56,7 +56,7 @@ doit=1
 
 libtool="${tobjdir}/libtool --mode=execute"
 
-valgrind="valgrind --leak-check=full --quiet -q --num-callers=30 --suppressions=${tsrcdir}/cf/valgrind-suppressions"
+valgrind="valgrind --leak-check=full --show-leak-kinds=definite --quiet -q --num-callers=30 --suppressions=${tsrcdir}/cf/valgrind-suppressions"
 
 if head -10 "$1" | grep 'Generated by ltmain.sh' > /dev/null ; then
     uselibtool=1

cf/otp.m4

@@ -3,25 +3,8 @@ dnl
 dnl check requirements for OTP library
 dnl
 AC_DEFUN([rk_OTP],[
-AC_REQUIRE([rk_DB])dnl
 AC_ARG_ENABLE(otp,
 	AS_HELP_STRING([--disable-otp],[if you don't want OTP support]))
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	AC_MSG_ERROR([OTP requires a NDBM/DB compatible library])
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-	AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.])
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-	AC_SUBST(LIB_otp)
-fi
-AC_MSG_CHECKING([whether to enable OTP library])
-AC_MSG_RESULT($enable_otp)
-AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl
+	AC_MSG_ERROR([OTP has been removed],
+	AC_MSG_ERROR([OTP has been removed])
 ])

cf/resolv.m4

@@ -73,13 +73,13 @@ AC_FIND_FUNC(res_ndestroy, resolv,
 ],
 [0])
 
-AC_FIND_FUNC_NO_LIBS(dns_search,,
+AC_FIND_FUNC(dns_search, resolv,
 [
 #ifdef HAVE_DNS_H
 #include <dns.h>
 #endif
 ],
-[0,0,0,0,0,0,0,0])
+[0])
 
 
 AC_FIND_FUNC(dn_expand, resolv,

cf/roken-frag.m4

@@ -28,7 +28,7 @@ dnl C characteristics
 AC_REQUIRE([AC_C___ATTRIBUTE__])
 AC_REQUIRE([AC_C_INLINE])
 AC_REQUIRE([AC_C_CONST])
-rk_WFLAGS(-Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow)
+rk_WFLAGS(-Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow -Wdiscarded-qualifiers -Wcast-qual -Wimplicit-fallthrough -Wenum-compare -Wunused-but-set-variable -Wunused-const-variable -Wunused-result -Wold-style-definition -Wwrite-strings)
 
 dnl -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wstrict-prototypes
 dnl -Wcast-qual -Wswitch -Wformat=2 -Wwrite-strings
@@ -334,15 +334,16 @@ AC_BROKEN([					\
 	err					\
 	errx					\
 	fchown					\
-	flock					\
 	fnmatch					\
 	freehostent				\
 	getcwd					\
+	getdelim				\
 	getdtablesize				\
 	getegid					\
 	geteuid					\
 	getgid					\
 	gethostname				\
+	getline					\
 	getifaddrs				\
 	getipnodebyaddr				\
 	getipnodebyname				\
@@ -400,6 +401,10 @@ AC_BROKEN([					\
 
 rk_LIBOBJ(closefrom)
 
+dnl Check for flock() - we always provide rk_flock() but need to know if
+dnl the system has flock() for our fallback chain
+AC_CHECK_FUNCS([flock])
+
 AM_CONDITIONAL(have_fnmatch_h,
 	test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes)
 

cf/wflags.m4

@@ -18,7 +18,26 @@ if test -z "$WFLAGS" -a "$GCC" = "yes"; then
   #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
   #   -Wmissing-declarations -Wnested-externs
   #   -Wstrict-overflow=5
-  WFLAGS="ifelse($#, 0,-Wall, $1) $dwflags"
+
+  # Check if this is Clang (which also sets GCC=yes for compatibility)
+  if $CC --version 2>&1 | grep -qi clang; then
+    rk_CLANG=yes
+  else
+    rk_CLANG=no
+  fi
+
+  wflags="ifelse($#, 0,-Wall, $1)"
+
+  # Replace GCC-specific warning flags with Clang equivalents
+  if test "$rk_CLANG" = yes; then
+    # -Wimplicit-fallthrough removed: flex-generated code triggers it and can't be fixed
+    wflags=`echo "$wflags" | sed -e 's/-Wdiscarded-qualifiers/-Wignored-qualifiers/g' \
+                                  -e 's/ -Wunused-but-set-variable//g' \
+                                  -e 's/ -Wunused-const-variable//g' \
+                                  -e 's/ -Wimplicit-fallthrough//g'`
+  fi
+
+  WFLAGS="$wflags $dwflags"
 
   #
   # WFLAGS_LITE can be appended to WFLAGS to turn off a host of warnings

configure.ac

@@ -130,7 +130,7 @@ AC_SUBST([SLC_DEP])
 
 dnl ---
 
-AC_DEFINE(HEIM_WEAK_CRYPTO, 1, [Define if you want support for weak crypto])
+dnl HEIM_WEAK_CRYPTO is now controlled by --with-1des in cf/crypto.m4
 
 rk_TEST_PACKAGE(openldap,
 [#include <lber.h>
@@ -230,60 +230,37 @@ AM_CONDITIONAL([HAVE_MICROHTTPD], [test "$with_microhttpd" != "no"])
 AC_SUBST([MICROHTTPD_CFLAGS])
 AC_SUBST([MICROHTTPD_LIBS])
 
-dnl libcjwt
-AC_ARG_WITH([cjwt],
-  AC_HELP_STRING([--with-cjwt], [(Experimental) use cjwt to validate JWT tokens @<:@default=check@:>@]),
-  [],
-  [with_cjwt=check])
-if test "$with_cjwt" != "no"; then
-  PKG_CHECK_MODULES([CJWT], [libcjwt >= 1.0.0],
-		    [with_cjwt=yes],[with_cjwt=no])
-fi
-if test "$with_cjwt" = "yes"; then
-  AC_DEFINE_UNQUOTED([HAVE_CJWT], 1, [whether libcjwt is available for KDC REST API])
-fi
-AM_CONDITIONAL([HAVE_CJWT], [test "$with_cjwt" != "no"])
-AC_SUBST([CJWT_CFLAGS])
-AC_SUBST([CJWT_LIBS])
-
-dnl libsystemd
-AC_ARG_WITH([systemd],
-  AC_HELP_STRING([--with-systemd], [(Experimental) notify systemd about daemon state @<:@default=check@:>@]),
-  [],
-  [with_systemd=check])
-if test "$with_systemd" != "no"; then
-  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 256.0],
-		    [with_systemd=yes],[with_systemd=no])
-fi
-if test "$with_systemd" = "yes"; then
-  AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [whether libsystemd is available])
-fi
-AM_CONDITIONAL([HAVE_SYSTEMD], [test "$with_systemd" != "no"])
-AC_SUBST([SYSTEMD_CFLAGS])
-AC_SUBST([SYSTEMD_LIBS])
-
-dnl libcjson
-AC_ARG_WITH([cjson],
-  AC_HELP_STRING([--with-cjson], [(Experimental) use cJSON to extract private claims from JWT tokens @<:@default=check@:>@]),
-  [],
-  [with_cjson=check])
-if test "$with_cjson" != "no"; then
-  PKG_CHECK_MODULES([CJSON], [libcjson >= 1.0.0],
-		    [with_cjson=yes],[with_cjson=no])
-fi
-if test "$with_cjson" = "yes"; then
-  AC_DEFINE_UNQUOTED([HAVE_CJSON], 1, [whether libcjson is available for KDC REST API])
-fi
-AM_CONDITIONAL([HAVE_CJSON], [test "$with_cjson" != "no"])
-AC_SUBST([CJSON_CFLAGS])
-AC_SUBST([CJSON_LIBS])
-
 dnl mitkrb5
 AC_ARG_WITH([mitkrb5],
-  AC_HELP_STRING([--with-mitkrb5], [Path to MIT Kerberos for interop testing @<:@default=check@:>@]),
+  AC_HELP_STRING([--with-mitkrb5=PATH], [Path to MIT Kerberos for interop testing]),
   [],
-  [with_mikrb5=check])
-AM_CONDITIONAL([MITKRB5], [test "$with_mitkrb5" != "no"])
+  [with_mitkrb5=no])
+MITKRB5=
+if test "$with_mitkrb5" != "no" && test "$with_mitkrb5" != "yes"; then
+  if test -d "$with_mitkrb5"; then
+    MITKRB5="$with_mitkrb5"
+  else
+    AC_MSG_WARN([MIT Kerberos directory $with_mitkrb5 does not exist])
+  fi
+fi
+AC_SUBST(MITKRB5)
+AM_CONDITIONAL([MITKRB5], [test -n "$MITKRB5"])
+
+dnl older-heimdal (for interop testing)
+AC_ARG_WITH([older-heimdal],
+  AC_HELP_STRING([--with-older-heimdal=PATH], [Path to older version of Heimdal for interop testing]),
+  [],
+  [with_older_heimdal=no])
+OLD_HEIMDAL=
+if test "$with_older_heimdal" != "no" && test "$with_older_heimdal" != "yes"; then
+  if test -d "$with_older_heimdal"; then
+    OLD_HEIMDAL="$with_older_heimdal"
+  else
+    AC_MSG_WARN([Older Heimdal directory $with_older_heimdal does not exist])
+  fi
+fi
+AC_SUBST(OLD_HEIMDAL)
+AM_CONDITIONAL([OLD_HEIMDAL], [test -n "$OLD_HEIMDAL"])
 
 dnl Check for sqlite
 rk_TEST_PACKAGE(sqlite3,
@@ -358,8 +335,14 @@ AC_SUBST(dpagaix_ldadd)
 AC_SUBST(dpagaix_ldflags)
 
 AC_ARG_ENABLE([afs-support],
-	AS_HELP_STRING([--disable-afs-support],[if you don't want support for AFS]))
-if test "$enable_afs_support" = no; then
+	AS_HELP_STRING([--enable-afs-support],[enable support for AFS]),
+                       [enable_afs_support=yes],
+                       [enable_afs_support=no])
+if test "$enable_afs_support" = yes; then
+	NO_AFS="0"
+        AC_MSG_ERROR([AFS no longer supported])
+else
+        # XXX This is pointless now, should be removed
 	AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.])
 	NO_AFS="1"
 fi
@@ -375,8 +358,6 @@ LIBADD_roken="$LIB_roken"
 AC_SUBST(LIBADD_roken)dnl
 LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
 
-rk_OTP
-
 rk_LIBDISPATCH
 
 AC_CHECK_OSFC2
@@ -566,16 +547,13 @@ dnl Deal with switch fallthrough warnings
 AH_TOP([
 #if defined(DISPATCH_FALLTHROUGH)
 # define HEIM_FALLTHROUGH DISPATCH_FALLTHROUGH
+#elif defined(__clang__)
+  /* Clang sets __GNUC__ to 4 for compat, but supports fallthrough attr */
+# define HEIM_FALLTHROUGH __attribute__((fallthrough))
+#elif defined(__GNUC__) && __GNUC__ >= 7
+# define HEIM_FALLTHROUGH __attribute__((fallthrough))
 #else
-# if defined(__GNUC__)
-#  if __GNUC__ >= 7
-#   define HEIM_FALLTHROUGH __attribute__((fallthrough))
-#  else
-#   define HEIM_FALLTHROUGH do {} while (0) /* fallthrough */
-#  endif
-# else
-#  define HEIM_FALLTHROUGH do {} while (0) /* fallthrough */
-# endif
+# define HEIM_FALLTHROUGH do {} while (0) /* fallthrough */
 #endif
 ])
 
@@ -750,23 +728,18 @@ AC_CONFIG_FILES(Makefile 		\
 	etc/Makefile			\
 	include/Makefile		\
 	include/gssapi/Makefile		\
-	include/hcrypto/Makefile	\
 	include/kadm5/Makefile		\
 	lib/Makefile			\
-	lib/base/Makefile			\
+	lib/base/Makefile		\
 	lib/asn1/Makefile		\
 	lib/com_err/Makefile		\
-	lib/hcrypto/Makefile		\
 	lib/hx509/Makefile		\
 	lib/gssapi/Makefile		\
-	lib/ntlm/Makefile		\
 	lib/hdb/Makefile		\
 	lib/ipc/Makefile		\
 	lib/kadm5/Makefile		\
-	lib/kafs/Makefile		\
 	lib/kdfs/Makefile		\
 	lib/krb5/Makefile		\
-	lib/otp/Makefile		\
 	lib/roken/Makefile		\
 	lib/sl/Makefile			\
 	lib/sqlite/Makefile		\
@@ -781,10 +754,8 @@ AC_CONFIG_FILES(Makefile 		\
 	kcm/Makefile			\
 	kdc/Makefile			\
 	appl/Makefile			\
-	appl/afsutil/Makefile		\
 	appl/dbutils/Makefile		\
 	appl/gssmask/Makefile		\
-	appl/otp/Makefile		\
 	appl/test/Makefile		\
 	appl/kf/Makefile		\
 	appl/dceutils/Makefile		\

doc/Makefile.am

@@ -18,11 +18,6 @@ dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
 	-e 's,[@]objdir[@],.,g' \
 	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
 
-hcrypto.dxy: hcrypto.din Makefile
-	$(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp
-	chmod +x hcrypto.dxy.tmp
-	mv hcrypto.dxy.tmp hcrypto.dxy
-
 hdb.dxy: hdb.din Makefile
 	$(dxy_subst) < $(srcdir)/hdb.din > hdb.dxy.tmp
 	chmod +x hdb.dxy.tmp
@@ -48,11 +43,6 @@ krb5.dxy: krb5.din Makefile
 	chmod +x krb5.dxy.tmp
 	mv krb5.dxy.tmp krb5.dxy
 
-ntlm.dxy: ntlm.din Makefile
-	$(dxy_subst) < $(srcdir)/ntlm.din > ntlm.dxy.tmp
-	chmod +x ntlm.dxy.tmp
-	mv ntlm.dxy.tmp ntlm.dxy
-
 wind.dxy: wind.din Makefile
 	$(dxy_subst) < $(srcdir)/wind.din > wind.dxy.tmp
 	chmod +x wind.dxy.tmp
@@ -67,11 +57,9 @@ vars.texi: vars.tin Makefile
 	chmod +x vars.texi.tmp
 	mv vars.texi.tmp vars.texi
 
-PROJECTS = base hdb hx509 gssapi krb5 ntlm wind 
+PROJECTS = base hdb hx509 gssapi krb5 wind 
 
-PROJECTS += hcrypto
-
-doxyout doxygen: base.dxy hdb.dxy hx509.dxy hcrypto.dxy gssapi.dxy krb5.dxy ntlm.dxy wind.dxy
+doxyout doxygen: base.dxy hdb.dxy hx509.dxy gssapi.dxy krb5.dxy wind.dxy
 	@test -d $(srcdir)/doxyout && \
 	find $(srcdir)/doxyout -type d ! -perm -200 -exec chmod u+w {} ';' ; \
 	rm -rf $(srcdir)/doxyout ; \
@@ -137,13 +125,11 @@ EXTRA_DIST = \
 	footer.html \
 	gssapi.din \
 	hdb.din \
-	hcrypto.din \
 	header.html \
 	heimdal.css \
 	base.din \
 	hx509.din \
 	krb5.din \
-	ntlm.din \
 	init-creds \
 	latin1.tex \
 	layman.asc \
@@ -155,12 +141,10 @@ EXTRA_DIST = \
 	vars.tin
 
 CLEANFILES = \
-	hcrypto.dxy* \
 	base.dxy* \
 	hx509.dxy* \
 	hdb.dxy* \
 	gssapi.dxy* \
 	krb5.dxy* \
-	ntlm.dxy* \
 	wind.dxy* \
 	vars.texi*

doc/NTMakefile

@@ -61,9 +61,7 @@ hx509_TEXINFOS = \
 
 MAKEINFOFLAGS = --css-include=$(SRCDIR)/heimdal.css
 
-!ifdef APPVEYOR
-MAKEINFO = $(PERL) C:\msys64\usr\bin\makeinfo
-!endif
+# MAKEINFO = $(PERL) C:\msys64\usr\bin\makeinfo
 
 ######################################################################
 # Build heimdal.chm

doc/ack.texi

@@ -2,17 +2,6 @@
 @comment  node-name,  next,  previous,  up
 @appendix Acknowledgments
 
-Eric Young wrote ``libdes''. Heimdal used to use libdes, without it
-kth-krb would never have existed. Since there are no longer any Eric
-Young code left in the library, we renamed it to libhcrypto.
-
-All functions in libhcrypto have been re-implemented or used available
-public domain code. The core AES function where written by Vincent
-Rijmen, Antoon Bosselaers and Paulo Barreto.  The core DES SBOX
-transformation was written by Richard Outerbridge. @code{imath} that
-is used for public key crypto support is written by Michael
-J. Fromberger.
-
 The University of California at Berkeley initially wrote @code{telnet},
 and @code{telnetd}.  The authentication and encryption code of
 @code{telnet} and @code{telnetd} was added by David Borman (then of Cray

doc/copyright.texi

@@ -16,6 +16,7 @@
 
 @copyrightstart
 @verbatim
+SPDX-License-Identifier: BSD-3-Clause
 
 Copyright (c) 1997-2011 Kungliga Tekniska Högskolan 
 (Royal Institute of Technology, Stockholm, Sweden).
@@ -58,6 +59,7 @@ SUCH DAMAGE.
 The parts of the libtelnet that handle Kerberos.
 
 @verbatim
+SPDX-License-Identifier: HPND-export-US
 
 Copyright (C) 1990 by the Massachusetts Institute of Technology
 
@@ -86,6 +88,7 @@ The parts of the libroken, most of libtelnet, telnet, ftp,
 and popper.
 
 @verbatim
+SPDX-License-Identifier: BSD-3-Clause
 
 Copyright (c) 1988, 1990, 1993
      The Regents of the University of California.  All rights reserved.
@@ -125,6 +128,7 @@ SUCH DAMAGE.
 libedit
 
 @verbatim
+SPDX-License-Identifier: BSD-3-Clause
 
 Copyright (c) 1992, 1993
  The Regents of the University of California.  All rights reserved.
@@ -159,16 +163,6 @@ SUCH DAMAGE.
 @end verbatim
 @copynext
 
-@heading TomsFastMath / LibTomMath
-
-Tom's fast math (bignum support) and LibTomMath
-
-@verbatim
-
-LibTomMath is hereby released into the Public Domain.  
-
-@end verbatim 
-
 @copynext
 
 @heading Doug Rabson
@@ -176,6 +170,7 @@ LibTomMath is hereby released into the Public Domain.
 GSS-API mechglue layer.
 
 @verbatim
+SPDX-License-Identifier: BSD-2-Clause
 
 Copyright (c) 2005 Doug Rabson
 All rights reserved.
@@ -213,6 +208,7 @@ SUCH DAMAGE.
 @end table
 
 @verbatim
+SPDX-License-Identifier: BSD-3-Clause
 
 Copyright (c) 2003-2011, PADL Software Pty Ltd.
 Copyright (c) 2004, Andrew Bartlett.
@@ -250,70 +246,6 @@ SUCH DAMAGE.
 @end verbatim
 @copynext
 
-@heading Marko Kreen
-
-Fortuna in libhcrypto
-
-@verbatim
-
-Copyright (c) 2005 Marko Kreen
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-       notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@end verbatim
-@copynext
-
-@heading NTT (Nippon Telegraph and Telephone Corporation)
-
-Camellia in libhcrypto
-
-@verbatim
-
-Copyright (c) 2006,2007
-NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-  notice, this list of conditions and the following disclaimer as
-  the first lines of this file unmodified.
-2. Redistributions in binary form must reproduce the above copyright
-  notice, this list of conditions and the following disclaimer in the
-  documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-@end verbatim
 @copynext
 
 @heading The NetBSD Foundation, Inc.
@@ -321,6 +253,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 vis.c in libroken
 
 @verbatim
+SPDX-License-Identifier: BSD-2-Clause
 
 Copyright (c) 1999, 2005 The NetBSD Foundation, Inc.
 All rights reserved.
@@ -349,37 +282,6 @@ POSSIBILITY OF SUCH DAMAGE.
 @end verbatim
 @copynext
 
-@heading Vincent Rijmen, Antoon Bosselaers, Paulo Barreto
-
-AES in libhcrypto
-
-@verbatim
-
-rijndael-alg-fst.c
-
-@version 3.0 (December 2000)
-
-Optimised ANSI C code for the Rijndael cipher (now AES)
-
-@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
-@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
-@author Paulo Barreto <paulo.barreto@terra.com.br>
-
-This code is hereby placed in the public domain.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
-OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-@end verbatim
 @copynext
 
 @heading Apple, Inc
@@ -387,6 +289,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 kdc/announce.c
 
 @verbatim
+SPDX-License-Identifier: HPND-export2-US
 
 Copyright (c) 2008 Apple Inc.  All Rights Reserved.
 
@@ -410,30 +313,6 @@ THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 
-@end verbatim
-
-@copynext
-
-@heading Richard Outerbridge
-
-DES core in libhcrypto
-
-@verbatim
-
-D3DES (V5.09) - 
-
-A portable, public domain, version of the Data Encryption Standard.
-
-Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
-Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
-code;  Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
-Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
-for humouring me on. 
-
-Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
-(GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
-
-
 @end verbatim
 
 @copynext
@@ -443,6 +322,7 @@ Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
 Windows support
 
 @verbatim
+SPDX-License-Identifier: BSD-2-Clause
 
 Copyright (c) 2009-2015, Secure Endpoints Inc.
 All rights reserved.
@@ -476,44 +356,4 @@ OF THE POSSIBILITY OF SUCH DAMAGE.
 
 @copynext
 
-@heading Novell, Inc
-
-lib/hcrypto/test_dh.c
-
-@verbatim
-
-Copyright (c) 2007, Novell, Inc.
-Author: Matthias Koenig <mkoenig@suse.de>
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name of the Novell nor the names of its contributors may be used
-  to endorse or promote products derived from this software without specific
-  prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-
-@end verbatim
-
 @copyrightend

doc/hcrypto.din

@@ -1,16 +0,0 @@
-# Doxyfile 1.5.3
-
-PROJECT_NAME           = "Heimdal crypto library"
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-OUTPUT_DIRECTORY       = @srcdir@/doxyout/hcrypto
-INPUT                  = @srcdir@/../lib/hcrypto
-EXAMPLE_PATH	       = @srcdir@/../lib/hcrypto
-
-WARN_IF_UNDOCUMENTED   = YES
-
-PERL_PATH              = /usr/bin/perl
-
-HTML_HEADER = "@srcdir@/header.html"
-HTML_FOOTER = "@srcdir@/footer.html"
-
-@INCLUDE = "@srcdir@/doxytmpl.dxy"

doc/layman.asc

@@ -23,7 +23,8 @@ subset of OSI's Abstract Syntax Notation One (ASN.1), Basic
 Encoding Rules (BER), and Distinguished Encoding Rules
 (DER). The particular purpose of this note is to provide
 background material sufficient for understanding and
-implementing the PKCS family of standards.
+implementing the PKCS family of standards.  NOTE WELL: This
+document is full of errors and not to be used.
 
 
 1. Introduction

doc/ntlm.din

@@ -1,16 +0,0 @@
-# Doxyfile 1.5.3
-
-PROJECT_NAME           = Heimdal ntlm library
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-OUTPUT_DIRECTORY       = @srcdir@/doxyout/ntlm
-INPUT                  = @srcdir@/../lib/ntlm
-EXAMPLE_PATH	       = @srcdir@/../lib/ntlm
-
-WARN_IF_UNDOCUMENTED   = YES
-
-PERL_PATH              = /usr/bin/perl
-
-HTML_HEADER = "@srcdir@/header.html"
-HTML_FOOTER = "@srcdir@/footer.html"
-
-@INCLUDE = "@srcdir@/doxytmpl.dxy"

include/Makefile.am

@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-SUBDIRS = kadm5 hcrypto gssapi
+SUBDIRS = kadm5 gssapi
 
 noinst_PROGRAMS = bits
 CHECK_LOCAL = no-check-local
@@ -69,8 +69,6 @@ CLEANFILES =			\
 	heimbase.h		\
 	heimbase-svc.h		\
 	heimbase-protos.h	\
-	heimntlm-protos.h	\
-	heimntlm.h		\
 	hex.h			\
 	hx509-private.h		\
 	hx509-protos.h		\
@@ -98,10 +96,8 @@ CLEANFILES =			\
 	kx509_err.h		\
 	locate_plugin.h		\
 	login-protos.h		\
-	ntlm_err.h		\
 	ocsp_asn1.h		\
 	ocsp_template_asn1.h	\
-	otp.h			\
 	parse_bytes.h		\
 	parse_time.h		\
 	parse_units.h		\
@@ -126,6 +122,7 @@ CLEANFILES =			\
 	send_to_kdc_plugin.h	\
 	sl.h			\
 	sqlite3.h		\
+	sqlite3_namespace.h	\
 	sqlite3ext.h		\
 	test-mem.h		\
 	vers.h			\
@@ -137,9 +134,7 @@ CLEANFILES =			\
 	kdc-audit.h		\
 	csr_authorizer_plugin.h	\
 	gss_preauth_authorizer_plugin.h	\
-	token_validator_plugin.h	\
 	xdbm.h			\
-	x25519_ref10.h		\
 	x690sample_asn1.h	\
 	x690sample_template_asn1.h
 

include/NTMakefile

@@ -31,7 +31,7 @@
 
 RELDIR=include
 
-SUBDIRS=kadm5 hcrypto gssapi
+SUBDIRS=kadm5 gssapi
 
 !include ../windows/NTMakefile.w32
 !include ../windows/NTMakefile.version
@@ -62,12 +62,13 @@ while(<>) {
     if ("$(KRB5)") { print "#define KRB5 1\n"; }
     if ("$(KRB4)") { print "#define KRB4 1\n"; }
     if ("$(WEAK_CRYPTO)") { print "#define HEIM_WEAK_CRYPTO 1\n"; }
-    if ("$(HCRYPTO_FALLBACK)") { print "#define HCRYPTO_FALLBACK 1\n"; } else { print "#define HCRYPTO_FALLBACK 0\n"; }
+    # Always enable 3DES and ARCFOUR for Windows builds (needed for interop)
+    print "#define HEIM_DES3 1\n";
+    print "#define HEIM_ARCFOUR 1\n";
     if ("$(PKINIT)") { print "#define PKINIT 1\n"; }
     if ("$(NO_AFS)") { print "#define NO_AFS 1\n"; }
     if ("$(OPENLDAP)") { print "#define OPENLDAP 1\n"; }
     if ("$(OPENLDAP_MODULE)") { print "#define OPENLDAP_MODULE 1\n"; }
-    if ("$(OTP)") { print "#define OTP 1 \n"; }
     if ("$(AUTHENTICATION)") { print "#define AUTHENTICATION 1\n"; }
     if ("$(DIAGNOSTICS)") { print "#define DIAGNOSTICS 1\n"; }
     if ("$(ENCRYPTION)") { print "#define ENCRYPTION 1\n"; }

include/bits.c

@@ -139,6 +139,7 @@ int main(int argc, char **argv)
     int flag;
     char *p = NULL;
     const char *hb;
+    char *freeme = NULL;
 
     if (argc > 1 && strcmp(argv[1], "--version") == 0) {
 	printf("some version");
@@ -149,13 +150,12 @@ int main(int argc, char **argv)
 	hb = "__BITS_H__";
 	f = stdout;
     } else {
-	p = malloc(strlen(argv[1]) + 5);
+	p = freeme = malloc(strlen(argv[1]) + 5);
 	sprintf(p, "__%s__", argv[1]);
 	hb = p;
-	for(; *p; p++){
+	for(; *p; p++)
 	    if(!isalnum((unsigned char)*p))
 		*p = '_';
-	}
 	f = fopen(argv[1], "w");
     }
     fprintf(f, "#ifndef %s\n", hb);
@@ -325,5 +325,6 @@ int main(int argc, char **argv)
 
     if (f != stdout)
 	fclose(f);
+    free(freeme);
     return 0;
 }

include/config.h.w32

@@ -693,9 +693,6 @@ static const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
 /* Define to 1 if you have the `openpty' function. */
 /* #define HAVE_OPENPTY 1 */
 
-/* define to 1 to use openssl's libcrypto as a (default) backend for libhcrypto */
-/* #undef HAVE_HCRYPTO_W_OPENSSL */
-
 /* Define to enable basic OSF C2 support. */
 /* #undef HAVE_OSFC2 */
 

include/crypto-headers.h

@@ -9,17 +9,22 @@
 #include <krb5-types.h>
 #endif
 
-#include <hcrypto/evp.h>
-#include <hcrypto/des.h>
-#include <hcrypto/md4.h>
-#include <hcrypto/md5.h>
-#include <hcrypto/sha.h>
-#include <hcrypto/rc4.h>
-#include <hcrypto/rc2.h>
-#include <hcrypto/ui.h>
-#include <hcrypto/rand.h>
-#include <hcrypto/engine.h>
-#include <hcrypto/pkcs12.h>
-#include <hcrypto/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/des.h>
+#include <openssl/md4.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/rc4.h>
+#include <openssl/rc2.h>
+#include <openssl/ui.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include <openssl/pkcs12.h>
+#include <openssl/hmac.h>
+#include <openssl/provider.h>
+#include <openssl/encoder.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#include <openssl/x509.h>
 
 #endif /* __crypto_header__ */

include/gssapi/Makefile.am

@@ -2,6 +2,6 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h gssapi_ntlm.h gssapi_oid.h
+CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h gssapi_oid.h
 
 EXTRA_DIST = NTMakefile

include/hcrypto/Makefile.am

@@ -1,30 +0,0 @@
-# $Id$
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES =		\
-	aes.h		\
-	bn.h		\
-	des.h		\
-	dh.h		\
-	dsa.h		\
-	ec.h		\
-	ecdsa.h		\
-	ecdh.h		\
-	engine.h	\
-	evp.h		\
-	evp-hcrypto.h	\
-	evp-cc.h	\
-	hmac.h		\
-	md4.h		\
-	md5.h		\
-	pkcs12.h	\
-	rand.h		\
-	rc2.h		\
-	rc4.h		\
-	rsa.h		\
-	sha.h		\
-	ui.h		\
-	undef.h
-
-EXTRA_DIST = NTMakefile

include/hcrypto/NTMakefile

@@ -1,34 +0,0 @@
-########################################################################
-#
-# Copyright (c) 2009, Secure Endpoints Inc.
-# All rights reserved.
-# 
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 
-# - Redistributions of source code must retain the above copyright
-#   notice, this list of conditions and the following disclaimer.
-# 
-# - Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in
-#   the documentation and/or other materials provided with the
-#   distribution.
-# 
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# 
-
-RELDIR=include\hcrypto
-
-!include ../../windows/NTMakefile.w32

include/heim_threads.h

@@ -103,6 +103,7 @@ typedef unsigned long HEIM_PRIV_thread_key;
 
 #define HEIMDAL_THREAD_ID thr_t
 #define HEIMDAL_THREAD_create(t,f,a) thr_create((t), 0, (f), (a))
+#define HEIMDAL_THREAD_join(t,r) thr_join((t), 0, (r))
 
 #elif defined(ENABLE_PTHREAD_SUPPORT) && (!defined(__NetBSD__) || __NetBSD_Version__ >= 299001200)
 
@@ -142,9 +143,12 @@ typedef unsigned long HEIM_PRIV_thread_key;
 
 #define HEIMDAL_THREAD_ID pthread_t
 #define HEIMDAL_THREAD_create(t,f,a) pthread_create((t), 0, (f), (a))
+#define HEIMDAL_THREAD_join(t,r) pthread_join((t), (r))
 
 #elif defined(_WIN32)
 
+#define _Atomic
+
 typedef struct heim_mutex {
     HANDLE	h;
 } heim_mutex_t;
@@ -288,9 +292,44 @@ heim_rwlock_destroy(heim_rwlock_t *l)
 #define HEIMDAL_getspecific(k) (heim_w32_getspecific(k))
 #define HEIMDAL_key_delete(k) (heim_w32_delete_key(k))
 
-#define HEIMDAL_THREAD_ID DWORD
-#define HEIMDAL_THREAD_create(t,f,a) \
-    ((CreateThread(0, 0, (f), (a), 0, (t)) == INVALID_HANDLE_VALUE) ? EINVAL : 0)
+typedef struct heim_thread {
+    HANDLE handle;
+    DWORD id;
+} heim_thread_t;
+
+static inline int
+heim_thread_create(heim_thread_t *t, LPTHREAD_START_ROUTINE f, void *a)
+{
+    t->handle = CreateThread(NULL, 0, f, a, 0, &t->id);
+    if (t->handle == NULL || t->handle == INVALID_HANDLE_VALUE)
+        return EINVAL;
+    return 0;
+}
+
+static inline int
+heim_thread_join(heim_thread_t t, void **retval)
+{
+    DWORD ret;
+    DWORD exitcode;
+
+    ret = WaitForSingleObject(t.handle, INFINITE);
+    if (ret != WAIT_OBJECT_0) {
+        CloseHandle(t.handle);
+        return EINVAL;
+    }
+    if (retval) {
+        if (GetExitCodeThread(t.handle, &exitcode))
+            *retval = (void *)(uintptr_t)exitcode;
+        else
+            *retval = NULL;
+    }
+    CloseHandle(t.handle);
+    return 0;
+}
+
+#define HEIMDAL_THREAD_ID heim_thread_t
+#define HEIMDAL_THREAD_create(t,f,a) heim_thread_create((t), (f), (a))
+#define HEIMDAL_THREAD_join(t,r) heim_thread_join((t), (r))
 
 #elif defined(HEIMDAL_DEBUG_THREADS)
 
@@ -318,6 +357,7 @@ heim_rwlock_destroy(heim_rwlock_t *l)
 
 #define HEIMDAL_THREAD_ID int
 #define HEIMDAL_THREAD_create(t,f,a) abort()
+#define HEIMDAL_THREAD_join(t,r) abort()
 
 #else /* no thread support, no debug case */
 
@@ -340,6 +380,7 @@ heim_rwlock_destroy(heim_rwlock_t *l)
 
 #define HEIMDAL_THREAD_ID int
 #define HEIMDAL_THREAD_create(t,f,a) abort()
+#define HEIMDAL_THREAD_join(t,r) abort()
 
 #define HEIMDAL_internal_thread_key 1
 

kadmin/FUZZING.md

@@ -0,0 +1,71 @@
+# Fuzzing kadmin
+
+Kadmind includes built-in fuzzing support via the `--fuzz-stdin` flag, which
+processes a single RPC message from stdin without requiring network setup or
+authentication.
+
+## Running
+
+### Standalone mode
+
+```bash
+# Process a single corpus file
+./kadmind --fuzz-stdin < fuzz/get_existing_test.bin
+
+# With a specific realm
+./kadmind -r TEST.H5L.SE --fuzz-stdin < fuzz/create_new.bin
+```
+
+### With AFL++
+
+```bash
+# Build with AFL instrumentation
+CC=afl-clang-fast CXX=afl-clang-fast++ \
+  ../configure --enable-maintainer-mode --enable-developer
+make
+
+# Run fuzzer
+afl-fuzz -i kadmin/fuzz -o findings -- ./kadmind --fuzz-stdin
+```
+
+### With libFuzzer
+
+To use libFuzzer, create a harness that calls the internal fuzzing entry point:
+
+```c
+#include <stdint.h>
+extern int kadmind_fuzz_input(const uint8_t *data, size_t size);
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    kadmind_fuzz_input(data, size);
+    return 0;
+}
+```
+
+## Seed Corpus
+
+The `fuzz/` directory contains seed inputs covering:
+
+- All kadm_ops commands (GET, DELETE, CREATE, RENAME, CHPASS, MODIFY, RANDKEY, etc.)
+- Edge cases (invalid commands, truncated data, malformed principals)
+- Overflow tests (large/negative array counts)
+
+See `fuzz/README` for detailed corpus file descriptions.
+
+## Regenerating Corpus
+
+```bash
+cd fuzz
+python3 gen_corpus.py
+```
+
+## Message Format
+
+Each corpus file contains a length-prefixed message:
+
+```
+[4-byte big-endian length][message payload]
+```
+
+The payload starts with a 4-byte command number (see `kadm_ops` enum in
+`lib/kadm5/kadm5-private.h`).

kadmin/Makefile.am

@@ -63,7 +63,6 @@ check_PROGRAMS = $(TESTS)
 LDADD_common = \
 	$(top_builddir)/lib/hdb/libhdb.la \
 	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken) \
 	$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
@@ -75,10 +74,6 @@ kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
 	$(LIB_pidfile) \
 	$(LIB_dlopen)
 
-if HAVE_SYSTEMD
-kadmind_LDADD += $(SYSTEMD_LIBS)
-endif
-
 kadmin_LDADD = \
 	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
 	$(top_builddir)/lib/kadm5/libkadm5srv.la \

kadmin/ank.c

@@ -150,9 +150,9 @@ add_one_principal(const char *name,
 	    krb5_set_error_message(context, ret, "out of memory");
 	    goto out;
 	}
-	ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt,
-				      UI_UTIL_FLAG_VERIFY |
-				      UI_UTIL_FLAG_VERIFY_SILENT);
+	ret = _krb5_UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt,
+                                           UI_UTIL_FLAG_VERIFY |
+                                           UI_UTIL_FLAG_VERIFY_SILENT);
 	free (prompt);
 	if (ret) {
 	    ret = KRB5_LIBOS_BADPWDMATCH;
@@ -275,7 +275,7 @@ add_new_key(struct add_options *opt, int argc, char **argv)
         enctypes = krb5_config_get_string(context, NULL, "libdefaults",
                                           "supported_enctypes", NULL);
     if (enctypes == NULL || enctypes[0] == '\0')
-        enctypes = "aes128-cts-hmac-sha1-96";
+        enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192";
     ret = krb5_string_to_keysalts2(context, enctypes, &nkstuple, &kstuple);
     if (ret) {
         fprintf(stderr, "enctype(s) unknown\n");
@@ -505,7 +505,7 @@ add_new_namespace(struct add_namespace_options *opt, int argc, char **argv)
         enctypes = krb5_config_get_string(context, NULL, "libdefaults",
                                           "supported_enctypes", NULL);
     if (enctypes == NULL || enctypes[0] == '\0')
-        enctypes = "aes128-cts-hmac-sha1-96";
+        enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192";
     ret = krb5_string_to_keysalts2(context, enctypes, &nkstuple, &kstuple);
     if (ret) {
         fprintf(stderr, "enctype(s) unknown\n");

kadmin/cpw.c

@@ -39,24 +39,39 @@ struct cpw_entry_data {
     int random_key;
     int random_password;
     char *password;
+    const char *enctypes;
     krb5_key_data *key_data;
     void *kadm_handle;
 };
 
 static int
-set_random_key(void *dup_kadm_handle, krb5_principal principal, int keepold)
+set_random_key(void *dup_kadm_handle,
+               krb5_principal principal,
+               const char *enctypes,
+               int keepold)
 {
     krb5_error_code ret;
+    krb5_key_salt_tuple *key_salt_tuples = NULL;
+    size_t nkey_salt_tuples = 0;
     int i;
     krb5_keyblock *keys;
     int num_keys;
 
-    ret = kadm5_randkey_principal_3(dup_kadm_handle, principal, keepold, 0,
-                                    NULL, &keys, &num_keys);
+    if (enctypes) {
+        ret = krb5_string_to_keysalts2(context, enctypes, &nkey_salt_tuples,
+                                       &key_salt_tuples);
+        if (ret)
+            return ret;
+    }
+
+    ret = kadm5_randkey_principal_3(dup_kadm_handle, principal, keepold,
+                                    nkey_salt_tuples, key_salt_tuples, &keys,
+                                    &num_keys);
     if(ret)
 	return ret;
     for(i = 0; i < num_keys; i++)
 	krb5_free_keyblock_contents(context, &keys[i]);
+    free(key_salt_tuples);
     free(keys);
     return 0;
 }
@@ -64,9 +79,12 @@ set_random_key(void *dup_kadm_handle, krb5_principal principal, int keepold)
 static int
 set_random_password(void *dup_kadm_handle,
                     krb5_principal principal,
+                    const char *enctypes,
                     int keepold)
 {
     krb5_error_code ret;
+    krb5_key_salt_tuple *key_salt_tuples = NULL;
+    size_t nkey_salt_tuples = 0;
     char pw[128];
     char *princ_name;
 
@@ -74,11 +92,19 @@ set_random_password(void *dup_kadm_handle,
     if (ret)
 	return ret;
 
+    if (enctypes) {
+        ret = krb5_string_to_keysalts2(context, enctypes, &nkey_salt_tuples,
+                                       &key_salt_tuples);
+        if (ret)
+            return ret;
+    }
+
     random_password(pw, sizeof(pw));
-    ret = kadm5_chpass_principal_3(dup_kadm_handle, principal, keepold, 0,
-                                   NULL, pw);
+    ret = kadm5_chpass_principal_3(dup_kadm_handle, principal, keepold,
+                                   nkey_salt_tuples, key_salt_tuples, pw);
     if (ret == 0)
 	printf ("%s's password set to \"%s\"\n", princ_name, pw);
+    free(key_salt_tuples);
     free(princ_name);
     memset_s(pw, sizeof(pw), 0, sizeof(pw));
     return ret;
@@ -87,10 +113,13 @@ set_random_password(void *dup_kadm_handle,
 static int
 set_password(void *dup_kadm_handle,
              krb5_principal principal,
+             const char *enctypes,
              char *password,
              int keepold)
 {
     krb5_error_code ret = 0;
+    krb5_key_salt_tuple *key_salt_tuples = NULL;
+    size_t nkey_salt_tuples = 0;
     char pwbuf[128];
     int aret;
 
@@ -105,19 +134,29 @@ set_password(void *dup_kadm_handle,
 	free (princ_name);
 	if (aret == -1)
 	    return ENOMEM;
-	ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt,
-				     UI_UTIL_FLAG_VERIFY |
-				     UI_UTIL_FLAG_VERIFY_SILENT);
+	ret = _krb5_UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt,
+                                           UI_UTIL_FLAG_VERIFY |
+                                           UI_UTIL_FLAG_VERIFY_SILENT);
 	free (prompt);
 	if(ret){
             return KRB5_LIBOS_BADPWDMATCH;
 	}
 	password = pwbuf;
     }
+
+    if (enctypes) {
+        ret = krb5_string_to_keysalts2(context, enctypes, &nkey_salt_tuples,
+                                       &key_salt_tuples);
+        if (ret)
+            return ret;
+    }
+
     if(ret == 0)
-        ret = kadm5_chpass_principal_3(dup_kadm_handle, principal, keepold, 0,
-                                       NULL, password);
+        ret = kadm5_chpass_principal_3(dup_kadm_handle, principal, keepold,
+                                       nkey_salt_tuples, key_salt_tuples,
+                                       password);
     memset_s(pwbuf, sizeof(pwbuf), 0, sizeof(pwbuf));
+    free(key_salt_tuples);
     return ret;
 }
 
@@ -140,13 +179,13 @@ do_cpw_entry(krb5_principal principal, void *data)
     struct cpw_entry_data *e = data;
 
     if (e->random_key)
-	return set_random_key(e->kadm_handle, principal, e->keepold);
+	return set_random_key(e->kadm_handle, principal, e->enctypes, e->keepold);
     else if (e->random_password)
-	return set_random_password(e->kadm_handle, principal, e->keepold);
+	return set_random_password(e->kadm_handle, principal, e->enctypes, e->keepold);
     else if (e->key_data)
 	return set_key_data(e->kadm_handle, principal, e->key_data, e->keepold);
     else
-	return set_password(e->kadm_handle, principal, e->password, e->keepold);
+	return set_password(e->kadm_handle, principal, e->enctypes, e->password, e->keepold);
 }
 
 int
@@ -164,6 +203,7 @@ cpw_entry(struct passwd_options *opt, int argc, char **argv)
     ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
     if (ret)
         krb5_err(context, 1, ret, "Could not duplicate kadmin connection");
+    data.enctypes = opt->enctypes_string;
     data.random_key = opt->random_key_flag;
     data.random_password = opt->random_password_flag;
     data.password = opt->password_string;

kadmin/ext.c

@@ -68,6 +68,12 @@ do_ext_keytab(krb5_principal principal, void *data)
     if (ret)
 	goto out;
 
+    /* Debug: record which principal was fetched and some context */
+    krb5_warnx(context, "do_ext_keytab: fetched principal %s mask=0x%x n_key_data=%d",
+               unparsed ? unparsed : "<unparsed>",
+               mask,
+               (int)princ.n_key_data);
+
     if (!e->random_key_flag) {
         if (princ.n_key_data == 0) {
             krb5_warnx(context, "principal has no keys, or user lacks "
@@ -111,6 +117,13 @@ do_ext_keytab(krb5_principal principal, void *data)
 	    keys[i].keyblock.keyvalue.data = kd->key_data_contents[0];
 	    keys[i].timestamp = time(NULL);
             n_k++;
+
+            /* Debug: log each key extracted (kvno/enctype) for the principal */
+            krb5_warnx(context, "do_ext_keytab: principal=%s key_index=%zu kvno=%d enctype=%d",
+                       unparsed ? unparsed : "<unparsed>",
+                       i,
+                       keys[i].vno,
+                       keys[i].keyblock.keytype);
 	}
     } else if (e->random_key_flag) {
         ret = kadm5_randkey_principal_3(e->kadm_handle, principal, e->keep,
@@ -144,7 +157,7 @@ do_ext_keytab(krb5_principal principal, void *data)
     kadm5_free_principal_ent(e->kadm_handle, &princ);
     if (k) {
         for (i = 0; i < n_k; i++)
-            memset(k[i].keyvalue.data, 0, k[i].keyvalue.length);
+            krb5_free_keyblock_contents(context, &k[i]);
 	free(k);
     }
     free(unparsed);
@@ -199,7 +212,7 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
         enctypes = krb5_config_get_string(context, NULL, "libdefaults",
                                           "supported_enctypes", NULL);
     if (enctypes == NULL || enctypes[0] == '\0')
-        enctypes = "aes128-cts-hmac-sha1-96";
+        enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192";
     ret = krb5_string_to_keysalts2(context, enctypes, &data.nkstuple,
                                    &data.kstuple);
     if (ret) {
@@ -208,6 +221,10 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
         return ret;
     }
 
+    /* Debug: record ext_keytab invocation details */
+    krb5_warnx(context, "ext_keytab: invoking foreach_principal for %zu principals, enctypes=%s",
+               (size_t)argc, enctypes ? enctypes : "<none>");
+
     for(i = 0; i < argc; i++) {
 	ret = foreach_principal(argv[i], do_ext_keytab, "ext", &data);
 	if (ret)

kadmin/fuzz/README

@@ -0,0 +1,81 @@
+Kadmind Fuzzing Corpus
+======================
+
+This directory contains seed inputs for fuzzing kadmind RPC handling.
+
+Usage
+-----
+
+Run kadmind in fuzzing mode:
+
+    ./kadmind --fuzz-stdin < corpus_file.bin > output.bin
+
+Or with a specific realm:
+
+    ./kadmind -r MY.REALM --fuzz-stdin < corpus_file.bin
+
+Message Format
+--------------
+
+Each corpus file contains a length-prefixed message:
+
+    [4-byte big-endian length][message payload]
+
+The message payload starts with a 4-byte command number (kadm_ops enum):
+
+    kadm_get           = 0   - Get principal
+    kadm_delete        = 1   - Delete principal
+    kadm_create        = 2   - Create principal
+    kadm_rename        = 3   - Rename principal
+    kadm_chpass        = 4   - Change password
+    kadm_modify        = 5   - Modify principal
+    kadm_randkey       = 6   - Randomize keys
+    kadm_get_privs     = 7   - Get admin privileges
+    kadm_get_princs    = 8   - List principals
+    kadm_chpass_with_key = 9 - Change password with explicit keys
+    kadm_nop           = 10  - No operation (ping/interrupt)
+    kadm_prune         = 11  - Prune old keys
+
+Corpus Files
+------------
+
+Normal operations:
+  nop_reply.bin              - NOP with reply requested
+  nop_noreply.bin            - NOP without reply (interrupt)
+  get_principal.bin          - GET with basic mask
+  get_principal_all.bin      - GET with all fields
+  delete_principal.bin       - DELETE principal
+  create_principal.bin       - CREATE with minimal fields
+  create_principal_attrs.bin - CREATE with attributes
+  modify_principal.bin       - MODIFY principal
+  rename_principal.bin       - RENAME principal
+  chpass_principal.bin       - CHPASS
+  chpass_principal_keepold.bin - CHPASS keeping old keys
+  randkey_principal.bin      - RANDKEY simple
+  randkey_principal_full.bin - RANDKEY with ks_tuples
+  get_privs.bin              - GET_PRIVS
+  get_princs_all.bin         - LIST all principals
+  get_princs_expr.bin        - LIST with expression
+  get_princs_iter.bin        - LIST with online iteration
+  prune_principal.bin        - PRUNE to specific kvno
+  prune_principal_all.bin    - PRUNE (no kvno)
+  chpass_with_key.bin        - CHPASS_WITH_KEY
+  create_with_tldata.bin     - CREATE with TL_DATA
+  create_empty_password.bin  - CREATE with empty password
+
+Edge cases and malformed inputs:
+  invalid_cmd.bin            - Invalid command number
+  truncated_get.bin          - GET with missing data
+  malformed_principal.bin    - Bad principal encoding
+  long_principal.bin         - Very long principal name
+  many_components.bin        - Principal with many components
+  large_nkeydata.bin         - Large n_key_data (overflow test)
+  negative_nkeydata.bin      - Negative n_key_data
+  empty_message.bin          - Zero-length message
+
+Regenerating
+------------
+
+Run gen_corpus.py to regenerate all corpus files:
+
+    python3 gen_corpus.py

kadmin/fuzz/gen_corpus.py

@@ -0,0 +1,472 @@
+#!/usr/bin/env python3
+"""
+Generate fuzz corpus for kadmind RPC testing.
+
+Message format:
+  4-byte big-endian length prefix
+  N bytes of message data
+
+The message data starts with a 4-byte command number (kadm_ops enum).
+
+The fuzzer pre-populates the HDB with these principals (in FUZZ.REALM):
+  - test
+  - admin/admin
+  - user1
+  - user2
+  - host/localhost
+  - HTTP/www.example.com
+  - krbtgt/FUZZ.REALM
+"""
+
+import struct
+import os
+
+# kadm_ops enum values
+KADM_GET = 0
+KADM_DELETE = 1
+KADM_CREATE = 2
+KADM_RENAME = 3
+KADM_CHPASS = 4
+KADM_MODIFY = 5
+KADM_RANDKEY = 6
+KADM_GET_PRIVS = 7
+KADM_GET_PRINCS = 8
+KADM_CHPASS_WITH_KEY = 9
+KADM_NOP = 10
+KADM_PRUNE = 11
+
+# Pre-populated principals (must match kadmind.c fuzz_stdin)
+EXISTING_PRINCIPALS = [
+    "test",
+    "admin/admin",
+    "user1",
+    "user2",
+    "host/localhost",
+    "HTTP/www.example.com",
+    "krbtgt/FUZZ.REALM",
+]
+
+# KADM5 mask bits (from admin.h)
+KADM5_PRINCIPAL = 0x000001
+KADM5_PRINC_EXPIRE_TIME = 0x000002
+KADM5_PW_EXPIRATION = 0x000004
+KADM5_LAST_PWD_CHANGE = 0x000008
+KADM5_ATTRIBUTES = 0x000010
+KADM5_MAX_LIFE = 0x000020
+KADM5_MOD_TIME = 0x000040
+KADM5_MOD_NAME = 0x000080
+KADM5_KVNO = 0x000100
+KADM5_MKVNO = 0x000200
+KADM5_AUX_ATTRIBUTES = 0x000400
+KADM5_POLICY = 0x000800
+KADM5_POLICY_CLR = 0x001000
+KADM5_MAX_RLIFE = 0x002000
+KADM5_LAST_SUCCESS = 0x004000
+KADM5_LAST_FAILED = 0x008000
+KADM5_FAIL_AUTH_COUNT = 0x010000
+KADM5_KEY_DATA = 0x020000
+KADM5_TL_DATA = 0x040000
+
+
+def pack_int32(val):
+    """Pack a 32-bit big-endian integer."""
+    return struct.pack('>i', val)
+
+
+def pack_uint32(val):
+    """Pack a 32-bit big-endian unsigned integer."""
+    return struct.pack('>I', val)
+
+
+def pack_string(s):
+    """Pack a string (4-byte length + data + null terminator)."""
+    # Heimdal krb5_store_string includes null terminator in length
+    data = s.encode('utf-8') + b'\x00'
+    return pack_uint32(len(data)) + data
+
+
+def pack_data(d):
+    """Pack binary data (4-byte length + data)."""
+    return pack_uint32(len(d)) + d
+
+
+def pack_principal(name, realm="FUZZ.REALM"):
+    """
+    Pack a Kerberos principal.
+    Format: name_type (4), num_components (4), realm (string),
+            components (string each)
+    """
+    parts = name.split('/')
+    # KRB5_NT_PRINCIPAL = 1
+    result = pack_int32(1)  # name_type
+    result += pack_int32(len(parts))  # num_components
+    result += pack_string(realm)  # realm
+    for part in parts:
+        result += pack_string(part)
+    return result
+
+
+def pack_principal_ent(principal_name, mask, realm="FUZZ.REALM"):
+    """
+    Pack a kadm5_principal_ent structure.
+    Only includes fields indicated by mask.
+    """
+    result = pack_int32(mask)  # mask comes first
+
+    if mask & KADM5_PRINCIPAL:
+        result += pack_principal(principal_name, realm)
+    if mask & KADM5_PRINC_EXPIRE_TIME:
+        result += pack_int32(0)  # princ_expire_time
+    if mask & KADM5_PW_EXPIRATION:
+        result += pack_int32(0)  # pw_expiration
+    if mask & KADM5_LAST_PWD_CHANGE:
+        result += pack_int32(0)  # last_pwd_change
+    if mask & KADM5_MAX_LIFE:
+        result += pack_int32(86400)  # max_life = 1 day
+    if mask & KADM5_MOD_NAME:
+        result += pack_int32(0)  # mod_name is NULL
+    if mask & KADM5_MOD_TIME:
+        result += pack_int32(0)  # mod_date
+    if mask & KADM5_ATTRIBUTES:
+        result += pack_int32(0)  # attributes
+    if mask & KADM5_KVNO:
+        result += pack_int32(1)  # kvno
+    if mask & KADM5_MKVNO:
+        result += pack_int32(1)  # mkvno
+    if mask & KADM5_POLICY:
+        result += pack_int32(0)  # policy is NULL
+    if mask & KADM5_AUX_ATTRIBUTES:
+        result += pack_int32(0)  # aux_attributes
+    if mask & KADM5_MAX_RLIFE:
+        result += pack_int32(604800)  # max_renewable_life = 1 week
+    if mask & KADM5_LAST_SUCCESS:
+        result += pack_int32(0)
+    if mask & KADM5_LAST_FAILED:
+        result += pack_int32(0)
+    if mask & KADM5_FAIL_AUTH_COUNT:
+        result += pack_int32(0)
+    if mask & KADM5_KEY_DATA:
+        result += pack_int32(0)  # n_key_data = 0
+    if mask & KADM5_TL_DATA:
+        result += pack_int32(0)  # n_tl_data = 0
+
+    return result
+
+
+def wrap_message(data):
+    """Wrap message data with 4-byte length prefix."""
+    return pack_uint32(len(data)) + data
+
+
+def write_corpus(filename, data):
+    """Write a corpus file."""
+    path = os.path.join(os.path.dirname(__file__), filename)
+    with open(path, 'wb') as f:
+        f.write(wrap_message(data))
+    print(f"Created {filename} ({len(data)} bytes payload)")
+
+
+# Generate corpus files
+
+# ========== Basic operations ==========
+
+# 1. NOP with reply wanted
+write_corpus("nop_reply.bin",
+    pack_int32(KADM_NOP) + pack_int32(1))
+
+# 2. NOP without reply (interrupt request)
+write_corpus("nop_noreply.bin",
+    pack_int32(KADM_NOP) + pack_int32(0))
+
+# 3. GET_PRIVS
+write_corpus("get_privs.bin",
+    pack_int32(KADM_GET_PRIVS))
+
+# ========== Operations on EXISTING principals ==========
+# These should exercise deeper code paths since the principals exist
+
+# 4. GET existing principal "test"
+write_corpus("get_existing_test.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("test") +
+    pack_int32(KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES))
+
+# 5. GET existing principal with all fields
+write_corpus("get_existing_all.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("test") +
+    pack_int32(0x7FFFF))  # All mask bits
+
+# 6. GET existing admin/admin
+write_corpus("get_existing_admin.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("admin/admin") +
+    pack_int32(KADM5_PRINCIPAL | KADM5_KVNO))
+
+# 7. GET existing host principal
+write_corpus("get_existing_host.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("host/localhost") +
+    pack_int32(KADM5_PRINCIPAL | KADM5_KEY_DATA))
+
+# 8. GET existing HTTP service
+write_corpus("get_existing_http.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("HTTP/www.example.com") +
+    pack_int32(KADM5_PRINCIPAL))
+
+# 9. GET krbtgt (special principal)
+write_corpus("get_existing_krbtgt.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("krbtgt/FUZZ.REALM") +
+    pack_int32(KADM5_PRINCIPAL | KADM5_KVNO | KADM5_MAX_LIFE))
+
+# 10. CHPASS on existing principal
+write_corpus("chpass_existing.bin",
+    pack_int32(KADM_CHPASS) +
+    pack_principal("user1") +
+    pack_string("newpassword123") +
+    pack_int32(0))  # keepold = false
+
+# 11. CHPASS on existing with keepold
+write_corpus("chpass_existing_keepold.bin",
+    pack_int32(KADM_CHPASS) +
+    pack_principal("user2") +
+    pack_string("anotherpassword") +
+    pack_int32(1))  # keepold = true
+
+# 12. RANDKEY on existing principal
+write_corpus("randkey_existing.bin",
+    pack_int32(KADM_RANDKEY) +
+    pack_principal("test"))
+
+# 13. RANDKEY on existing with ks_tuples
+write_corpus("randkey_existing_full.bin",
+    pack_int32(KADM_RANDKEY) +
+    pack_principal("user1") +
+    pack_int32(1) +  # keepold
+    pack_int32(2) +  # n_ks_tuple
+    pack_int32(17) + pack_int32(0) +  # aes128-cts-hmac-sha1-96
+    pack_int32(18) + pack_int32(0))   # aes256-cts-hmac-sha1-96
+
+# 14. MODIFY existing principal
+mask = KADM5_PRINCIPAL | KADM5_ATTRIBUTES | KADM5_MAX_LIFE
+write_corpus("modify_existing.bin",
+    pack_int32(KADM_MODIFY) +
+    pack_principal_ent("test", mask) +
+    pack_int32(mask))
+
+# 15. MODIFY existing - change max_renewable_life
+mask = KADM5_PRINCIPAL | KADM5_MAX_RLIFE
+write_corpus("modify_existing_rlife.bin",
+    pack_int32(KADM_MODIFY) +
+    pack_principal_ent("user1", mask) +
+    pack_int32(mask))
+
+# 16. PRUNE existing principal
+write_corpus("prune_existing.bin",
+    pack_int32(KADM_PRUNE) +
+    pack_principal("test") +
+    pack_int32(1))  # keep kvno >= 1
+
+# 17. RENAME existing to new
+write_corpus("rename_existing.bin",
+    pack_int32(KADM_RENAME) +
+    pack_principal("user2") +
+    pack_principal("user2_renamed"))
+
+# 18. CHPASS_WITH_KEY on existing
+key_data = (
+    pack_int32(2) +  # key_data_ver
+    pack_int32(2) +  # key_data_kvno
+    pack_int32(17) +  # aes128
+    pack_data(b'\x00' * 16) +
+    pack_int32(0) +  # no salt type
+    pack_data(b'')
+)
+write_corpus("chpass_key_existing.bin",
+    pack_int32(KADM_CHPASS_WITH_KEY) +
+    pack_principal("test") +
+    pack_int32(1) +  # n_key_data
+    pack_int32(0) +  # keepold
+    key_data)
+
+# ========== Operations on NON-EXISTING principals ==========
+
+# 19. GET non-existing principal
+write_corpus("get_nonexisting.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("does/not/exist") +
+    pack_int32(KADM5_PRINCIPAL))
+
+# 20. DELETE non-existing principal
+write_corpus("delete_nonexisting.bin",
+    pack_int32(KADM_DELETE) +
+    pack_principal("nonexistent"))
+
+# 21. CREATE new principal
+mask = KADM5_PRINCIPAL | KADM5_MAX_LIFE | KADM5_MAX_RLIFE
+write_corpus("create_new.bin",
+    pack_int32(KADM_CREATE) +
+    pack_principal_ent("newprinc", mask) +
+    pack_int32(mask) +
+    pack_string("password123"))
+
+# 22. CREATE with various attributes
+mask = KADM5_PRINCIPAL | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_PRINC_EXPIRE_TIME
+write_corpus("create_with_attrs.bin",
+    pack_int32(KADM_CREATE) +
+    pack_principal_ent("newprinc2", mask) +
+    pack_int32(mask) +
+    pack_string("password456"))
+
+# ========== GET_PRINCS listing ==========
+
+# 23. GET_PRINCS - list all
+write_corpus("get_princs_all.bin",
+    pack_int32(KADM_GET_PRINCS) +
+    pack_int32(0))  # no expression
+
+# 24. GET_PRINCS with wildcard
+write_corpus("get_princs_wildcard.bin",
+    pack_int32(KADM_GET_PRINCS) +
+    pack_int32(1) +
+    pack_string("*"))
+
+# 25. GET_PRINCS with pattern
+write_corpus("get_princs_user.bin",
+    pack_int32(KADM_GET_PRINCS) +
+    pack_int32(1) +
+    pack_string("user*"))
+
+# 26. GET_PRINCS with host pattern
+write_corpus("get_princs_host.bin",
+    pack_int32(KADM_GET_PRINCS) +
+    pack_int32(1) +
+    pack_string("host/*"))
+
+# 27. GET_PRINCS online iteration mode
+write_corpus("get_princs_iter.bin",
+    pack_int32(KADM_GET_PRINCS) +
+    pack_int32(0x55555555) +
+    pack_string("*"))
+
+# ========== Edge cases and malformed inputs ==========
+
+# 28. Invalid command
+write_corpus("invalid_cmd.bin",
+    pack_int32(99))
+
+# 29. Truncated message
+write_corpus("truncated_get.bin",
+    pack_int32(KADM_GET))
+
+# 30. Malformed principal (bad component count)
+write_corpus("malformed_principal.bin",
+    pack_int32(KADM_GET) +
+    pack_int32(1) +  # name_type
+    pack_int32(-1) +  # invalid num_components
+    pack_string("FUZZ.REALM"))
+
+# 31. Very long principal name
+write_corpus("long_principal.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("A" * 1000))
+
+# 32. Principal with many components
+write_corpus("many_components.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("/".join(["c"] * 50)))
+
+# 33. Empty password create
+mask = KADM5_PRINCIPAL
+write_corpus("create_empty_password.bin",
+    pack_int32(KADM_CREATE) +
+    pack_principal_ent("emptypass", mask) +
+    pack_int32(mask) +
+    pack_string(""))
+
+# 34. Create with TL_DATA
+mask = KADM5_PRINCIPAL | KADM5_TL_DATA
+tl_data = (
+    pack_int32(1) +  # tl_data_type
+    pack_data(b'test tl data content')
+)
+princ_with_tl = (
+    pack_int32(mask) +
+    pack_principal("withtldata") +
+    pack_int32(1) +  # n_tl_data
+    tl_data
+)
+write_corpus("create_with_tldata.bin",
+    pack_int32(KADM_CREATE) +
+    princ_with_tl +
+    pack_int32(mask) +
+    pack_string("password"))
+
+# 35. Large n_key_data (integer overflow)
+write_corpus("large_nkeydata.bin",
+    pack_int32(KADM_CHPASS_WITH_KEY) +
+    pack_principal("test") +
+    pack_int32(0x7FFFFFFF) +
+    pack_int32(0))
+
+# 36. Negative n_key_data
+write_corpus("negative_nkeydata.bin",
+    pack_int32(KADM_CHPASS_WITH_KEY) +
+    pack_principal("test") +
+    pack_int32(-1) +
+    pack_int32(0))
+
+# 37. Zero-length message
+with open(os.path.join(os.path.dirname(__file__), "empty_message.bin"), 'wb') as f:
+    f.write(pack_uint32(0))
+print("Created empty_message.bin (0 bytes payload)")
+
+# 38. Multiple key_data entries
+multi_key = b''
+for i in range(3):
+    multi_key += (
+        pack_int32(2) +  # ver
+        pack_int32(i + 1) +  # kvno
+        pack_int32(17) +  # aes128
+        pack_data(b'\x00' * 16) +
+        pack_int32(0) +
+        pack_data(b'')
+    )
+write_corpus("chpass_multikey.bin",
+    pack_int32(KADM_CHPASS_WITH_KEY) +
+    pack_principal("test") +
+    pack_int32(3) +  # n_key_data
+    pack_int32(1) +  # keepold
+    multi_key)
+
+# 39. MODIFY with policy (even though we don't have policies)
+mask = KADM5_PRINCIPAL | KADM5_POLICY
+write_corpus("modify_with_policy.bin",
+    pack_int32(KADM_MODIFY) +
+    pack_int32(mask) +
+    pack_principal("test") +
+    pack_int32(1) +  # policy is present
+    pack_string("default") +
+    pack_int32(mask))
+
+# 40. DELETE existing principal (exercising actual delete path)
+write_corpus("delete_existing.bin",
+    pack_int32(KADM_DELETE) +
+    pack_principal("user1"))
+
+# 41. Cross-realm principal reference
+write_corpus("get_crossrealm.bin",
+    pack_int32(KADM_GET) +
+    pack_principal("user", "OTHER.REALM") +
+    pack_int32(KADM5_PRINCIPAL))
+
+# 42. Service principal with instance
+write_corpus("create_service.bin",
+    pack_int32(KADM_CREATE) +
+    pack_principal_ent("ldap/server.example.com", KADM5_PRINCIPAL | KADM5_MAX_LIFE) +
+    pack_int32(KADM5_PRINCIPAL | KADM5_MAX_LIFE) +
+    pack_string("servicepass"))
+
+print("\nCorpus generation complete!")