38 files changed, 3445 insertions, 364 deletions
diff --git a/Makefile.am b/Makefile.am index 52d7b26b8..d696c2898 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ # $Id$ AUTOMAKE_OPTIONS = foreign no-dependencies -SUBDIRS = lib include kuser +SUBDIRS = include lib kuser diff --git a/Makefile.in b/Makefile.in index 5f3492ae3..132117976 100644 --- a/Makefile.in +++ b/Makefile.in @@ -41,14 +41,15 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ transform = @program_transform_name@ AUTOMAKE_OPTIONS = foreign no-dependencies -SUBDIRS = lib include kuser +SUBDIRS = include lib kuser ACLOCAL = aclocal.m4 ACCONFIG = acconfig.h CONFIG_HEADER_IN = config.h.in mkinstalldirs = $(top_srcdir)/mkinstalldirs CONFIG_HEADER = ./config.h -DIST_COMMON = Makefile.am Makefile.in acconfig.h aclocal.m4 config.h.in \ -configure configure.in install-sh mkinstalldirs stamp-h.in +DIST_COMMON = Makefile.am Makefile.in acconfig.h aclocal.m4 config.guess \ +config.h.in config.sub configure configure.in install-sh mkinstalldirs \ +stamp-h.in PACKAGE = @PACKAGE@ diff --git a/acconfig.h b/acconfig.h index 9ba0ae643..b190832ab 100644 --- a/acconfig.h +++ b/acconfig.h @@ -9,6 +9,8 @@ #undef HAVE_U_INT32_T #undef HAVE_U_INT64_T +#undef VOID_RETSIGTYPE + #ifdef VOID_RETSIGTYPE #define SIGRETURN(x) return #else diff --git a/cache.h b/cache.h new file mode 100644 index 000000000..05bdc30cb --- /dev/null +++ b/cache.h 
@@ -0,0 +1,93 @@
+#ifndef __CACHE_H__
+#define __CACHE_H__
+
+krb5_error_code
+krb5_cc_resolve(krb5_context context,
+ const char *residual,
+ krb5_ccache *id);
+
+char *
+krb5_cc_get_name (krb5_context context,
+ krb5_ccache id);
+
+char *
+krb5_cc_default_name (krb5_context context);
+
+krb5_error_code
+krb5_cc_default (krb5_context context,
+ krb5_ccache *id);
+
+krb5_error_code
+krb5_cc_initialize (krb5_context context,
+ krb5_ccache id,
+ krb5_principal primary_principal);
+
+krb5_error_code
+krb5_cc_destroy (krb5_context context,
+ krb5_ccache id);
+
+krb5_error_code
+krb5_cc_close (krb5_context context,
+ krb5_ccache id);
+
+krb5_error_code
+krb5_cc_store_cred (krb5_context context,
+ krb5_ccache id,
+ krb5_creds *creds);
+
+krb5_error_code
+krb5_cc_retrieve_cred (krb5_context context,
+ krb5_ccache id,
+ krb5_flags whichfields,
+ krb5_creds *mcreds,
+ krb5_creds *creds);
+
+krb5_error_code
+krb5_cc_get_principal (krb5_context context,
+ krb5_ccache id,
+ krb5_principal *principal);
+
+krb5_error_code
+krb5_cc_get_first (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code
+krb5_cc_get_next (krb5_context context,
+ krb5_ccache id,
+ krb5_creds *creds,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code
+krb5_cc_end_get (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code
+krb5_cc_remove_cred (krb5_context context,
+ krb5_ccache id,
+ krb5_flags which,
+ krb5_creds *cred);
+
+krb5_error_code
+krb5_cc_set_flags (krb5_context context,
+ krb5_ccache id,
+ krb5_flags flags);
+
+krb5_error_code
+krb5_cc_start_seq_get (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code
+krb5_cc_next_cred (krb5_context context,
+ krb5_ccache id,
+ krb5_creds *creds,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code
+krb5_cc_end_seq_get (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor);
+
+#endif /* __CACHE_H__ */
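Review bot: `krb5_cc_get_name` and `krb5_cc_default_name` return a plain `char *` and the header does not say who owns the string, so a caller cannot tell whether to free it or whether writing through it changes the cache's own name; if the storage belongs to the cache or context, declaring them `const char *` with a one-line ownership comment would settle it. The same gap applies to the `krb5_creds` filled in by `krb5_cc_retrieve_cred`, `krb5_cc_get_next` and `krb5_cc_next_cred`: those structures carry ticket and key material, so the header should state who releases them, and a short comment on how `krb5_cc_destroy` differs from `krb5_cc_close` belongs next to the two prototypes. Separately, the guard `__CACHE_H__` is an identifier reserved to the implementation, and the header uses the `krb5_*` types without including their declarations, so it only compiles when included after them; a guard such as `#ifndef KRB5_CACHE_H` avoids the first problem.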
diff --git a/config.guess b/config.guess new file mode 100755 index 000000000..8cc5ff03a --- /dev/null +++ b/config.guess 
@@ -0,0 +1,665 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Written by Per Bothner <bothner@cygnus.com>. +# The master version of this file is at the FSF in /home/gd/gnu/lib. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit system type (host/target name). +# +# Only a few systems have been added to this list; please add others +# (but try to keep the structure clean). +# + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 8/24/94.) 
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + alpha:OSF1:*:*) + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-cbm-sysv4 + exit 0;; + amiga:NetBSD:*:*) + echo m68k-cbm-netbsd${UNAME_RELEASE} + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-cbm-openbsd${UNAME_RELEASE} + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. 
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + atari*:NetBSD:*:*) + echo m68k-atari-netbsd${UNAME_RELEASE} + exit 0 ;; + atari*:OpenBSD:*:*) + echo m68k-atari-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:NetBSD:*:*) + echo m68k-sun-netbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:OpenBSD:*:*) + echo m68k-sun-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:NetBSD:*:*) + echo m68k-apple-netbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-apple-openbsd${UNAME_RELEASE} + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + sed 's/^ //' << EOF >dummy.c + int main (argc, argv) int argc; char **argv; { + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy "${UNAME_RELEASE}" \ + && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + 
if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ + -o ${TARGET_BINARY_INTERFACE}x = x ] ; then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i?86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + sed 's/^ //' << EOF >dummy.c + #include <sys/systemcfg.h> + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:4) + if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=4.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with 
uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[3478]??:HP-UX:*:*) + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; + 9000/8?? ) HP_ARCH=hppa1.0 ;; + esac + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + sed 's/^ //' << EOF >dummy.c + #include <unistd.h> + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 
0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + F301:UNIX_System_V:4.1*:*) + echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` + exit 0 ;; + hp3[0-9][05]:NetBSD:*:*) + echo m68k-hp-netbsd${UNAME_RELEASE} + exit 0 ;; + hp3[0-9][05]:OpenBSD:*:*) + echo m68k-hp-openbsd${UNAME_RELEASE} + exit 0 ;; + i?86:BSD/386:*:* | *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + *:NetBSD:*:*) + echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + i*:CYGWIN*:*) + echo i386-pc-cygwin32 + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin32 + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + *:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. 
+ ld_help_string=`ld --help 2>&1` + if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then + echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then + echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then + echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then + echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then + echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then + echo "powerpc-unknown-linux-gnu" ; exit 0 + elif test "${UNAME_MACHINE}" = "alpha" ; then + echo alpha-unknown-linux-gnu ; exit 0 + elif test "${UNAME_MACHINE}" = "sparc" ; then + echo sparc-unknown-linux-gnu ; exit 0 + else + # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us + # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. + test ! -d /usr/lib/ldscripts/. \ + && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + # Determine whether the default compiler is a.out or elf + cat >dummy.c <<EOF +main(argc, argv) +int argc; +char *argv[]; +{ +#ifdef __ELF__ + printf ("%s-pc-linux-gnu\n", argv[1]); +#else + printf ("%s-pc-linux-gnuaout\n", argv[1]); +#endif + return 0; +} +EOF + ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + fi ;; +# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions +# are messed up and put the nodename in both sysname and nodename. 
+ i?86:DYNIX/ptx:4*:*) + echo i386-sequent-sysv4 + exit 0 ;; + i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} + fi + exit 0 ;; + i?86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` + echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + elif /bin/uname -X 2>/dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. 
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + m68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) + UNAME_REL=4.3 + if test -f /etc/.relid; then + UNAME_REL=4.3.`awk '{ print $3 }' /etc/.relid` + fi + uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv$UNAME_REL && exit 0 + uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv$UNAME_REL && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i?86:LynxOS:2.*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes <hewes@openmarket.com>. + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. 
+ echo i860-stratus-sysv4 + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + R3000:*System_V*:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +cat >dummy.c <<EOF +#ifdef _SEQUENT_ +# include <sys/types.h> +# include <sys/utsname.h> +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include <sys/param.h> + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + printf ("%s-next-%s%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, 
"V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +#if !defined (ultrix) + printf ("vax-dec-bsd\n"); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 +rm -f dummy.c dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +#echo '(Unable to guess system type)' 1>&2 + +exit 1 diff --git a/config.sub b/config.sub new file mode 100755 index 000000000..48ffafcd3 --- /dev/null +++ b/config.sub 
@@ -0,0 +1,927 @@ +#! /bin/sh +# Configuration validation subroutine script, version 1.1. +# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. 
The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +if [ x$1 = x ] +then + echo Configuration name missing. 1>&2 + echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 + echo "or $0 ALIAS" 1>&2 + echo where ALIAS is a recognized configuration type. 1>&2 + exit 1 +fi + +# First pass through any local machine types. +case $1 in + *local*) + echo $1 + exit 0 + ;; + *) + ;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + linux-gnu*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. 
+ ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple) + os= + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. 
+ tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ + | arme[lb] | pyramid \ + | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ + | alpha | we32k | ns16k | clipper | i370 | sh \ + | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ + | pdp11 | mips64el | mips64orion | mips64orionel \ + | sparc | sparclet | sparclite | sparc64) + basic_machine=$basic_machine-unknown + ;; + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i[3456]86) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ + | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ + | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ + | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ + | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. 
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-cbm + ;; + amigados) + basic_machine=m68k-cbm + os=-amigados + ;; + amigaunix | amix) + basic_machine=m68k-cbm + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | ymp) + basic_machine=ymp-cray + os=-unicos + ;; + cray2) + basic_machine=cray2-cray + os=-unicos + ;; + [ctj]90-cray) + #basic_machine=c90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + 
h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + os=-mvs + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i[3456]86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i[3456]86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i[3456]86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i[3456]86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + miniframe) + basic_machine=m68000-convergent + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + 
basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + np1) + basic_machine=np1-gould + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5) + basic_machine=i586-intel + ;; + pentiumpro | p6) + basic_machine=i686-intel + ;; + pentium-* | p5-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + k5) + # We don't have specific support for AMD's K5 yet, so just call it a Pentium + basic_machine=i586-amd + ;; + nexen) + # We don't have specific support for Nexgen yet, so just call it a Pentium + basic_machine=i586-nexgen + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=rs6000-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + 
basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + xmp) + basic_machine=xmp-cray + os=-unicos + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + mips) + basic_machine=mips-mips + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sparc) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. 
+ +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -unixware* | svr4*) + os=-sysv4 + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -linux-gnu* | -uxpv*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -ctix* | -uts*) + os=-sysv + ;; + -ns2 ) + os=-nextstep2 + ;; + # Preserve the version number of sinix5. 
+ -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -xenix) + os=-xenix + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-semi) + os=-aout + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + *-tti) # must be before sparc entry or we get the wrong os. 
+ os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-ibm) + os=-aix + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigados + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f301-fujitsu) + os=-uxpv + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -hpux*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os diff --git a/configure.in b/configure.in index ad4911044..001147784 100644 --- a/configure.in +++ b/configure.in @@ -3,6 +3,10 @@ AC_REVISION($Revision$) AC_INIT(lib/krb5/send_to_kdc.c) AC_CONFIG_HEADER(config.h) +AC_CANONICAL_HOST +CANONICAL_HOST=$host +AC_SUBST(CANONICAL_HOST) + PACKAGE=heimdal VERSION=0.0 AC_SUBST(PACKAGE) @@ -19,6 +23,8 @@ AC_PROG_MAKE_SET AC_LN_S AC_ARG_PROGRAM +CFLAGS="-g" + dnl Checks for libraries. dnl Checks for header files. diff --git a/include/Makefile.in b/include/Makefile.in index d436fe4db..98a5d1432 100644 
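Review bot: `CFLAGS="-g"` in the second configure.in hunk is an unconditional assignment, so any CFLAGS the builder passed to configure, including optimisation or hardening flags, is silently discarded. If the intent is only a debugging default, assign it when nothing was supplied: `test -n "$CFLAGS" || CFLAGS="-g"`. A one-line `dnl` comment saying why the default is forced would also help the next maintainer.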
--- a/include/Makefile.in +++ b/include/Makefile.in @@ -1,4 +1,4 @@ -HEADERS = krb5.h asn1.h des.h md4.h bits.h cache.h config_file.h +HEADERS = krb5.h asn1.h des.h md4.h bits.h cache.h keytab.h config_file.h srcdir = @srcdir@ VPATH = $(srcdir) diff --git a/kuser/Makefile.am b/kuser/Makefile.am index b5df6194f..50e171ebf 100644 --- a/kuser/Makefile.am +++ b/kuser/Makefile.am @@ -3,6 +3,6 @@ AUTOHEADER_FLAGS = no-dependencies INCLUDES = -I$(top_builddir)/include -bin_PROGRAMS = kinit klist +bin_PROGRAMS = kinit klist kfoo LDADD = -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes -L$(top_builddir)/lib/asn1 -lasn1 diff --git a/kuser/kfoo.c b/kuser/kfoo.c new file mode 100644 index 000000000..0c439ce26 --- /dev/null +++ b/kuser/kfoo.c @@ -0,0 +1,18 @@ +#include <krb5.h> + +main(int argc, char **argv) +{ + int ret; + krb5_context context; + krb5_ccache cache; + krb5_creds in, *out; + krb5_init_context(&context); + krb5_cc_default(context, &cache); + memset(&in, 0, sizeof(in)); + krb5_cc_get_principal(context, cache, &in.client); + krb5_parse_name(context, "hosts/farbrorn@pdc.kth.se", &in.server); + in.times.endtime = time(NULL) + 4711; + ret = krb5_get_credentials(context, 0, cache, &in, &out); + + printf("%d\n", ret); +} diff --git a/kuser/kinit.c b/kuser/kinit.c index 3b321367b..30d6124e0 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -1,4 +1,5 @@ #include <stdio.h> +#include <string.h> #include <krb5.h> int @@ -30,13 +31,15 @@ main (int argc, char **argv) cred.client = principal; cred.times.endtime = time (NULL) + 4711; - err = krb5_build_principal (context, - &cred.server, - principal->realm.length, - principal->realm.data, - "krbtgt", - principal->realm.data, - NULL); + err = krb5_build_principal_ext (context, + &cred.server, + principal->realm.length, + principal->realm.data, + strlen("krbtgt"), + "krbtgt", + principal->realm.length, + principal->realm.data, + NULL); if (err) abort (); cred.server->type = KRB5_NT_SRV_INST; 
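Review bot: None of the krb5 calls in kfoo.c's `main` has its return value checked, so a failure in `krb5_init_context` or `krb5_cc_default` hands an uninitialised `context` or `cache` to the calls that follow, ending in `krb5_get_credentials`. Each call should be tested and the program should stop on error, e.g. `ret = krb5_cc_default(context, &cache); if (ret) return 1;`. The file also calls `memset`, `time` and `printf` with only `<krb5.h>` included, and `main` has no return type and no return statement; unless krb5.h pulls them in, add `#include <stdio.h>`, `<string.h>` and `<time.h>` and declare `int main`.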
@@ -51,8 +54,8 @@ main (int argc, char **argv) &cred, NULL); if (err) - abort (); - + abort (); + krb5_free_context (context); return 0; } diff --git a/lib/asn1/der_get.c b/lib/asn1/der_get.c index 61b51d3c5..44ef99bac 100644 --- a/lib/asn1/der_get.c +++ b/lib/asn1/der_get.c @@ -5,6 +5,7 @@ #endif #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <time.h> #include "der.h" @@ -209,7 +210,7 @@ generalizedtime2time (char *s, time_t *t) tm.tm_isdst = 0; *t = mktime(&tm); -#if 0 /* XXX */ +#if 1 /* XXX */ *t -= timezone; #endif } @@ -219,6 +220,7 @@ decode_generalized_time (unsigned char *p, int len, void *data) { time_t *t = (time_t *)data; krb5_data k; + char times[32]; /* XXX */ int ret = 0; int l; @@ -234,7 +236,9 @@ decode_generalized_time (unsigned char *p, int len, void *data) p += l; len -= l; ret += l; - generalizedtime2time (k.data, t); + strncpy(times, (char*)k.data, k.len); + times[k.len] = 0; + generalizedtime2time (times, t); free (k.data); return ret; } diff --git a/lib/asn1/der_put.c b/lib/asn1/der_put.c index db7a738d4..158a65d02 100644 --- a/lib/asn1/der_put.c +++ b/lib/asn1/der_put.c @@ -6,6 +6,7 @@ #include <stdio.h> #include <stdlib.h> #include <time.h> +#include <string.h> #include "der.h" /* diff --git a/lib/asn1/gen.c b/lib/asn1/gen.c index 031f520d0..e5080b911 100644 --- a/lib/asn1/gen.c +++ b/lib/asn1/gen.c @@ -40,7 +40,7 @@ close_generate () void generate_constant (Symbol *s) { - fprintf (headerfile, "static const int %s = %d;\n\n", + fprintf (headerfile, "enum { %s = %d };\n\n", s->gen_name, s->constant); } diff --git a/lib/asn1/k5.asn1 b/lib/asn1/k5.asn1 index 36e1d10ca..271336e53 100644 --- a/lib/asn1/k5.asn1 +++ b/lib/asn1/k5.asn1 
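Review bot: The copy into `times` in the last der_get.c hunk is bounded by the source length, not by the destination: `strncpy(times, (char*)k.data, k.len)` followed by `times[k.len] = 0` writes past the 32-byte stack array whenever `k.len` is 32 or more. `k` is presumably filled from the encoded input by a call outside the hunk, so the length is controlled by whoever produced the message. Reject oversize values before the copy, for example `if (k.len >= sizeof(times)) { free (k.data); return -1; }`, where the `-1` stands in for whatever error convention the decoder uses. decode_generalized_time begins in the previous hunk and part of its body is not shown.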
@@ -324,5 +324,15 @@ krb-priv INTEGER ::= 21 -- Private (encrypted) application message krb-cred INTEGER ::= 22 -- Private (encrypted) message to forward credentials krb-error INTEGER ::= 30 -- Error response +-- pa-data types + +pa-tgs-req INTEGER ::= 1 -- + +-- checksumtypes + +CRC32 INTEGER ::= 1 -- +rsa-md4 INTEGER ::= 2 -- + + END diff --git a/lib/asn1/symbol.c b/lib/asn1/symbol.c index f1ebb8020..6314afd82 100644 --- a/lib/asn1/symbol.c +++ b/lib/asn1/symbol.c @@ -4,6 +4,7 @@ #include <config.h> #endif #include <string.h> +#include <stdlib.h> #include "symbol.h" #include "hash.h" diff --git a/lib/des/Makefile.am b/lib/des/Makefile.am index c102f5bf6..549b2d3ce 100644 --- a/lib/des/Makefile.am +++ b/lib/des/Makefile.am @@ -10,5 +10,5 @@ include_HEADERS = des.h des_SOURCES =cbc3_enc.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ede_enc.c fcrypt.c key_par.c ncbc_enc.c ofb64ede.c \ ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c read_pwd.c rnd_keys.c \ - str2key.c cbc_cksm.c ecb_enc.c set_key.c + str2key.c cbc_cksm.c ecb_enc.c set_key.c md4.c diff --git a/lib/des/md4.c b/lib/des/md4.c new file mode 100644 index 000000000..af35d7f97 --- /dev/null +++ b/lib/des/md4.c 
@@ -0,0 +1,256 @@
+/*
+ * Copyright (c) 1995, 1996 Kungliga Tekniska Högskolan (Royal Institute
+ * of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id$"); +#endif + +#include <stdlib.h> +#include <string.h> + +#include "md4.h" + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define X data + +void +md4_init (struct md4 *m) +{ + m->offset = 0; + m->sz = 0; + D = 0x10325476; + C = 0x98badcfe; + B = 0xefcdab89; + A = 0x67452301; +} + +static u_int32_t +cshift (u_int32_t x, unsigned n) +{ + return (x << n) | (x >> (32 - n)); +} + +#define F(x,y,z) ((x & y) | (~x & z)) +#define G(x,y,z) ((x & y) | (x & z) | (y & z)) +#define H(x,y,z) (x ^ y ^ z) + +#define DOIT(a,b,c,d,k,s,i,OP) \ +a = cshift(a + OP(b,c,d) + X[k] + i, s) + +#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) +#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) +#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) + +static void +calc (struct md4 *m, u_int32_t *data) +{ + u_int32_t AA, BB, CC, DD; + + AA = A; + BB = B; + CC = C; + DD = D; + + /* Round 1 */ + + DO1(A,B,C,D,0,3,0); + DO1(D,A,B,C,1,7,0); + DO1(C,D,A,B,2,11,0); + DO1(B,C,D,A,3,19,0); + + DO1(A,B,C,D,4,3,0); + DO1(D,A,B,C,5,7,0); + DO1(C,D,A,B,6,11,0); + DO1(B,C,D,A,7,19,0); + + DO1(A,B,C,D,8,3,0); + DO1(D,A,B,C,9,7,0); + DO1(C,D,A,B,10,11,0); + DO1(B,C,D,A,11,19,0); + + DO1(A,B,C,D,12,3,0); + DO1(D,A,B,C,13,7,0); + DO1(C,D,A,B,14,11,0); + DO1(B,C,D,A,15,19,0); + + /* Round 2 */ + + DO2(A,B,C,D,0,3,0x5A827999); + DO2(D,A,B,C,4,5,0x5A827999); + DO2(C,D,A,B,8,9,0x5A827999); + DO2(B,C,D,A,12,13,0x5A827999); + + DO2(A,B,C,D,1,3,0x5A827999); + DO2(D,A,B,C,5,5,0x5A827999); + DO2(C,D,A,B,9,9,0x5A827999); + DO2(B,C,D,A,13,13,0x5A827999); + + DO2(A,B,C,D,2,3,0x5A827999); + DO2(D,A,B,C,6,5,0x5A827999); + DO2(C,D,A,B,10,9,0x5A827999); + DO2(B,C,D,A,14,13,0x5A827999); + + DO2(A,B,C,D,3,3,0x5A827999); + DO2(D,A,B,C,7,5,0x5A827999); + DO2(C,D,A,B,11,9,0x5A827999); + DO2(B,C,D,A,15,13,0x5A827999); + + /* Round 3 */ + + 
DO3(A,B,C,D,0,3,0x6ED9EBA1); + DO3(D,A,B,C,8,9,0x6ED9EBA1); + DO3(C,D,A,B,4,11,0x6ED9EBA1); + DO3(B,C,D,A,12,15,0x6ED9EBA1); + + DO3(A,B,C,D,2,3,0x6ED9EBA1); + DO3(D,A,B,C,10,9,0x6ED9EBA1); + DO3(C,D,A,B,6,11,0x6ED9EBA1); + DO3(B,C,D,A,14,15,0x6ED9EBA1); + + DO3(A,B,C,D,1,3,0x6ED9EBA1); + DO3(D,A,B,C,9,9,0x6ED9EBA1); + DO3(C,D,A,B,5,11,0x6ED9EBA1); + DO3(B,C,D,A,13,15,0x6ED9EBA1); + + DO3(A,B,C,D,3,3,0x6ED9EBA1); + DO3(D,A,B,C,11,9,0x6ED9EBA1); + DO3(C,D,A,B,7,11,0x6ED9EBA1); + DO3(B,C,D,A,15,15,0x6ED9EBA1); + + A += AA; + B += BB; + C += CC; + D += DD; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu> + */ + +static u_int32_t +swap_u_int32_t (u_int32_t t) +{ +#if defined(WORDS_BIGENDIAN) +#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) + u_int32_t temp1, temp2; + + temp1 = ROL(t,16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +#else + return t; +#endif +} + +void +md4_update (struct md4 *m, void *v, size_t len) +{ + u_char *p = (u_char *)v; + m->sz += len; + if (m->offset == 0 && len % 64 == 0) + while (len > 0) { +#if defined(WORDS_BIGENDIAN) + { + int i; + u_int32_t *u = (u_int32_t *)p; + + for (i = 0; i < 16; ++i) + m->current[i] = swap_u_int32_t (u[i]); + } + calc (m, m->current); +#else + calc (m, (u_int32_t *)p); +#endif + p += 64; + len -= 64; + } + else + while (len > 0) { + unsigned l; + + l = min(64 - m->offset, len); + memcpy ((char *)m->current + m->offset, p, l); + p += l; + len -= l; + m->offset += l; + if (m->offset == 64) { +#if defined(WORDS_BIGENDIAN) + int i; + + for (i = 0; i < 16; ++i) + m->current[i] = swap_u_int32_t (m->current[i]); +#endif + calc (m, m->current); + m->offset = 0; + } + } +} + +void +md4_finito (struct md4 *m, void *res) +{ + static u_char zeros[72]; + u_int32_t len; + unsigned dstart = (120 - m->offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + len = 8 * m->sz; + len = swap_u_int32_t (len); + 
memcpy (zeros + dstart, &len, sizeof(len)); + md4_update (m, zeros, dstart + 8); + { + int i; + u_int32_t *r = (u_int32_t *)res; + + for (i = 0; i < 4; ++i) + r[i] = swap_u_int32_t (m->counter[i]); + } +} diff --git a/lib/des/md4.h b/lib/des/md4.h new file mode 100644 index 000000000..abea17de7 --- /dev/null +++ b/lib/des/md4.h 
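Review bot: The fast path of md4_update hands the caller's pointer to calc as `(u_int32_t *)p` (and reads it through `u` in the big-endian branch), which is a misaligned access whenever the input buffer is not 4-byte aligned; that is undefined behaviour and faults on strict-alignment machines. Copying each block into the context first avoids it: `memcpy (m->current, p, 64); calc (m, m->current);`, with the existing swap loop applied to `m->current` on big-endian. md4_finito builds its padding in `static u_char zeros[72]`, so two contexts finalised at the same time share that buffer; an automatic array would remove the hazard. The length field is computed as `8 * m->sz` in a `u_int32_t`, so it wraps for inputs of 512 MB or more, which deserves at least a comment on `sz`.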
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996 Kungliga Tekniska Högskolan (Royal Institute
+ * of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* $Id$ */ + +#include <stdlib.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#include <bits.h> + +struct md4 { + unsigned offset; + u_int32_t counter[4]; + u_int32_t current[16]; + unsigned sz; +}; + +void md4_init (struct md4 *m); +void md4_update (struct md4 *m, void *p, size_t len); +void md4_finito (struct md4 *m, void *res); diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am index 1c3d77943..0c9f18b9b 100644 --- a/lib/krb5/Makefile.am +++ b/lib/krb5/Makefile.am @@ -8,7 +8,9 @@ lib_LIBRARIES = krb5 krb5_SOURCES = cache.c config_file.y constants.c context.c data.c \ get_addrs.c get_cred.c get_in_tkt.c get_in_tkt_pw.c get_port.c \ - krbhst.c misc.c principal.c principal_p.c send_to_kdc.c str2key.c + krbhst.c misc.c principal.c principal_p.c send_to_kdc.c str2key.c \ + mit-crc.c build_ap_req.c build_auth.c mk_req.c get_host_realm.c \ + auth_context.c rd_rep.c keytab.c config_file.c: config_file.y $(YACC) -p __k5cf_ $< diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c new file mode 100644 index 000000000..33c0c76ad --- /dev/null +++ b/lib/krb5/auth_context.c @@ -0,0 +1,27 @@ +#include "krb5_locl.h" + +krb5_error_code +krb5_auth_con_init(krb5_context context, + krb5_auth_context **auth_context) +{ + krb5_auth_context *p; + p = ALLOC(1, krb5_auth_context);; + if(!p) + return ENOMEM; + memset(p, 0, sizeof(p)); + p->authenticator = ALLOC(1, krb5_authenticator); + if (!p->authenticator) + return ENOMEM; + *auth_context = p; + return 0; +} + +krb5_error_code +krb5_auth_con_free(krb5_context context, + krb5_auth_context *auth_context, + krb5_flags flags) +{ + free (auth_context->authenticator); + free (auth_context); + return 0; +} diff --git a/lib/krb5/build_ap_req.c b/lib/krb5/build_ap_req.c new file mode 100644 index 000000000..c6a30e229 --- /dev/null +++ b/lib/krb5/build_ap_req.c 
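Review bot: md4.h has no include guard, unlike cache.h added in the same commit, so a second inclusion redefines `struct md4` and breaks the build. Wrap the header in the project's usual `#ifndef` / `#define` / `#endif` pair. The prototypes would also benefit from a comment stating the output contract, e.g. `/* res must point to 16 writable bytes, suitably aligned for u_int32_t */`, since md4_finito stores four `u_int32_t` words through it.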
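Review bot: `memset(p, 0, sizeof(p))` in krb5_auth_con_init clears only pointer-size bytes because `p` is a pointer, so unless ALLOC zero-fills, most of the new krb5_auth_context stays uninitialised; it should read `memset(p, 0, sizeof(*p));`. The failure path of the second ALLOC returns ENOMEM without freeing `p`, which needs `free (p);` before the return. The block behind `p->authenticator` is never cleared either, and krb5_auth_con_free dereferences `auth_context` without a NULL check.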
@@ -0,0 +1,60 @@ +#include <krb5_locl.h> +#include <krb5_error.h> + +krb5_error_code +krb5_build_ap_req (krb5_context context, + krb5_creds *cred, + krb5_flags ap_options, + krb5_data authenticator, + krb5_data *ret) +{ + AP_REQ ap; + Ticket t; + des_cblock key; + des_key_schedule schedule; + u_int32_t crc; + unsigned char *p; + unsigned char buf[1024]; + + ap.pvno = 5; + ap.msg_type = krb_ap_req; + memset(&ap.ap_options, 0, sizeof(ap.ap_options)); + if (ap_options & AP_OPTS_USE_SESSION_KEY) + ap.ap_options.use_session_key = 1; + if (ap_options & AP_OPTS_MUTUAL_REQUIRED) + ap.ap_options.mutual_required = 1; + + ap.ticket.tkt_vno = 5; + ap.ticket.realm = malloc(cred->server->realm.length + 1); + strncpy(ap.ticket.realm, cred->server->realm.data, + cred->server->realm.length); + ap.ticket.realm[cred->server->realm.length] = '\0'; + krb5_principal2principalname(&ap.ticket.sname, cred->server); + + decode_Ticket(cred->ticket.data, cred->ticket.length, &t); + + ap.ticket.enc_part.etype = t.enc_part.etype; + ap.ticket.enc_part.kvno = NULL; + ap.ticket.enc_part.cipher = t.enc_part.cipher; + + memcpy(&key, cred->session.contents.data, sizeof(key)); + des_set_key (&key, schedule); + + /* authenticator */ + + des_cbc_encrypt (authenticator.data, + authenticator.data, + authenticator.length, + schedule, &key, DES_ENCRYPT); + + ap.authenticator.etype = ap.ticket.enc_part.etype; + ap.authenticator.kvno = NULL; + ap.authenticator.cipher = authenticator; + + ret->length = encode_AP_REQ(buf + sizeof(buf) - 1, sizeof(buf), &ap); + + ret->data = malloc(ret->length); + memcpy (ret->data, buf + sizeof(buf) - ret->length, ret->length); + + return 0; +} diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c new file mode 100644 index 000000000..907843eef --- /dev/null +++ b/lib/krb5/build_auth.c 
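Review bot: krb5_build_ap_req consumes several results unchecked: the `malloc` for `ap.ticket.realm` is written through by `strncpy` straight away, the return of `decode_Ticket` is ignored before `t.enc_part` is read, and the return of `encode_AP_REQ` goes into `ret->length` and then into `malloc`/`memcpy` with no test for an encoding failure or for a message that does not fit the 1024-byte `buf`. At minimum add `if (ap.ticket.realm == NULL) return ENOMEM;` and test the decode and encode results before using them; the error convention of those two functions is not visible here. `memcpy(&key, cred->session.contents.data, sizeof(key))` also assumes the stored session key is at least 8 bytes long, so `cred->session.contents.length` should be compared with `sizeof(key)` first. The DES key and schedule are left on the stack on return; clearing them before `return 0` is cheap.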
@@ -0,0 +1,52 @@ +#include <krb5_locl.h> +#include <krb5_error.h> +#include <md4.h> + +krb5_error_code +krb5_build_authenticator (krb5_context context, + krb5_principal client, + Checksum *cksum, + Authenticator **auth_result, + krb5_data *result) +{ + struct timeval tv; + Authenticator *auth = malloc(sizeof(*auth)); + char buf[1024]; + unsigned char *p; + int len; + struct md4 m; + u_int32_t crc; + + if (auth_result) + *auth_result = auth; + auth->authenticator_vno = 5; + auth->crealm = malloc(client->realm.length + 1); + strncpy(auth->crealm, client->realm.data, client->realm.length); + auth->crealm[client->realm.length] = '\0'; + krb5_principal2principalname(&auth->cname, client); + + gettimeofday(&tv, NULL); + auth->cusec = tv.tv_usec; + auth->ctime = tv.tv_sec; + auth->subkey = NULL; + auth->seq_number = NULL; + auth->authorization_data = NULL; + auth->cksum = cksum; + + memset (buf, 0, sizeof(buf)); + len = encode_Authenticator(buf + sizeof(buf) - 9, + sizeof(buf) - 8 - 12, + auth); + p = buf + sizeof(buf) - 8 - len; + + p -= 12; + len += 12; + len = (len + 7) & ~7; + crc_init_table (); + crc = crc_update(p, len, 0); + memcpy(p + 8, &crc, 4); + result->length = len; + result->data = malloc(len); + memcpy(result->data, p, len); + return 0; +} diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 7e22452e9..2f6c7d00e 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -246,7 +246,7 @@ store_keyblock(int fd, krb5_keyblock p) static krb5_error_code ret_keyblock(int fd, krb5_keyblock *p) { - ret_int32(fd, (int32_t*)&p->keytype); + ret_int32(fd, (int32_t*)&p->keytype); /* keytype + etype */ ret_data(fd, &p->contents); return 0; } @@ -274,7 +274,7 @@ ret_times(int fd, krb5_times *times) static krb5_error_code store_address(int fd, krb5_address p) { - store_int32(fd, p.type); + store_int16(fd, p.type); store_data(fd, p.address); return 0; } 
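Review bot: `auth` in krb5_build_authenticator is dereferenced right after `malloc(sizeof(*auth))` with no NULL check, and the same holds for `auth->crealm` and `result->data`; each needs an `if (... == NULL) return ENOMEM;`. When `auth_result` is NULL nothing keeps a reference to `auth`, so it and `auth->crealm` leak on return. The value returned by `encode_Authenticator` is used in pointer arithmetic without a test for failure. The eight bytes in front of the CRC stay zero from the `memset`; if they are meant to be the confounder of the encrypted part they should be random, which is worth confirming against the encryption code.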
@@ -282,7 +282,7 @@ store_address(int fd, krb5_address p) static krb5_error_code ret_address(int fd, krb5_address *adr) { - ret_int32(fd, (int32_t*)&adr->type); + ret_int16(fd, (int16_t*)&adr->type); ret_data(fd, &adr->address); return 0; } @@ -309,20 +309,6 @@ ret_addrs(int fd, krb5_addresses *adr) } static krb5_error_code -store_ticket(int fd, krb5_ticket p) -{ - store_data(fd, p.enc_part); - return 0; -} - -static krb5_error_code -ret_ticket(int fd, krb5_ticket *tkt) -{ - ret_data(fd, &tkt->enc_part); - return 0; -} - -static krb5_error_code store_authdata(int fd, krb5_data p) { store_data(fd, p); @@ -430,8 +416,8 @@ krb5_cc_store_cred(krb5_context context, store_int32(fd, 0); /* flags */ store_addrs(fd, creds->addresses); store_authdata(fd, creds->authdata); - store_ticket(fd, creds->ticket); - store_ticket(fd, creds->second_ticket); + store_data(fd, creds->ticket); + store_data(fd, creds->second_ticket); close(fd); return 0; /* XXX */ } 
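Review bot: `ret_int16(fd, (int16_t*)&adr->type)` in ret_address stores through a cast pointer, which is only correct if `adr->type` is exactly 16 bits wide; the line it replaces cast the same field to `int32_t*`, which suggests it is wider. In that case the remaining bytes of `type` are never set, and on a big-endian host the wrong half is written. Reading into a local avoids the dependence on the field's width: `int16_t t; ret_int16(fd, &t); adr->type = t;`. The return value of `ret_int16` is also ignored, so a short read still returns 0 from ret_address.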
@@ -440,19 +426,30 @@ static krb5_error_code krb5_cc_read_cred (int fd, krb5_creds *creds) { + int ret; int8_t dummy8; int32_t dummy32; - return ret_principal (fd, &creds->client) || - ret_principal (fd, &creds->server) || - ret_keyblock (fd, &creds->session) || - ret_times (fd, &creds->times) || - ret_int8 (fd, &dummy8) || - ret_int32 (fd, &dummy32) || - ret_addrs (fd, &creds->addresses) || - ret_authdata (fd, &creds->authdata) || - ret_ticket (fd, &creds->ticket) || - ret_ticket (fd, &creds->second_ticket); + ret = ret_principal (fd, &creds->client); + if(ret) return ret; + ret = ret_principal (fd, &creds->server); + if(ret) return ret; + ret = ret_keyblock (fd, &creds->session); + if(ret) return ret; + ret = ret_times (fd, &creds->times); + if(ret) return ret; + ret = ret_int8 (fd, &dummy8); + if(ret) return ret; + ret = ret_int32 (fd, &dummy32); + if(ret) return ret; + ret = ret_addrs (fd, &creds->addresses); + if(ret) return ret; + ret = ret_authdata (fd, &creds->authdata); + if(ret) return ret; + ret = ret_data (fd, &creds->ticket); + if(ret) return ret; + ret = ret_data (fd, &creds->second_ticket); + return ret; } krb5_error_code @@ -462,7 +459,17 @@ krb5_cc_retrieve_cred(krb5_context context, krb5_creds *mcreds, krb5_creds *creds) { - return 0; /* XXX */ + krb5_error_code ret; + krb5_cc_cursor cursor; + krb5_cc_get_first(context, id, &cursor); + while((ret = krb5_cc_get_next(context, id, creds, &cursor)) == 0){ + if(krb5_principal_compare(context, mcreds->server, creds->server)){ + ret = 0; + break; + } + } + krb5_cc_end_get(context, id, &cursor); + return ret; } krb5_error_code @@ -527,7 +534,15 @@ krb5_cc_get_first(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { - return 0; /* XXX */ + int fd; + int16_t tag; + krb5_principal principal; + + fd = open(krb5_cc_get_name (context, id), O_RDONLY); + cursor->fd = fd; + ret_int16(fd, &tag); + ret_principal(fd, &principal); + return 0; } krb5_error_code 
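Review bot: In krb5_cc_retrieve_cred each non-matching entry read by `krb5_cc_get_next` is overwritten by the next iteration without being released, so whatever the ret_* helpers allocated for it (presumably principals, key and ticket data) is lost. The contents of `creds` should be freed before the loop continues. The result of `krb5_cc_get_first` is ignored, so the loop runs even when the cache could not be opened. The `whichfields` argument is unused and only the server principal is compared, which deserves a comment such as `/* XXX only mcreds->server is matched; whichfields is ignored */`.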
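Review bot: The `open` call in krb5_cc_get_first is not checked, so a missing or unreadable cache file stores -1 in `cursor->fd` and the function still returns 0; the later reads and the `close` in krb5_cc_end_get then run on an invalid descriptor. Return the failure instead: `if (fd < 0) return errno;`. The results of `ret_int16` and `ret_principal` are ignored as well, and the principal read to skip the header is never freed.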
@@ -536,7 +551,7 @@ krb5_cc_get_next(krb5_context context, krb5_creds *creds, krb5_cc_cursor *cursor) { - return 0; /* XXX */ + return krb5_cc_read_cred(cursor->fd, creds); } krb5_error_code @@ -544,7 +559,8 @@ krb5_cc_end_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { - return 0; /* XXX */ + close(cursor->fd); + return 0; } krb5_error_code diff --git a/lib/krb5/crc.c b/lib/krb5/crc.c new file mode 100644 index 000000000..9ec0de7e3 --- /dev/null +++ b/lib/krb5/crc.c @@ -0,0 +1,33 @@ +#include <stdio.h> +#include "crc.h" + +static u_long table[256]; + +void +crc_init_table( ) +{ + unsigned long crc, poly; + int i, j; + + poly = 0xEDB88320L; + for (i = 0; i < 256; i++) { + crc = i; + for (j = 8; j > 0; j--) { + if (crc & 1) { + crc = (crc >> 1) ^ poly; + } else { + crc >>= 1; + } + } + table[i] = crc; + } +} + +u_long +crc_update (char *p, size_t len, u_long res) +{ + res ^= 0xFFFFFFFF; + while (len--) + res = table[(res ^ *p++) & 0xFF] ^ (res >> 8); + return res & 0xFFFFFFFF; +} diff --git a/lib/krb5/crc.h b/lib/krb5/crc.h new file mode 100644 index 000000000..52c78511b --- /dev/null +++ b/lib/krb5/crc.h @@ -0,0 +1,6 @@ +#include <sys/types.h> + +#define CRC_GEN 0xEDB88320L + +void crc_init_table (); +u_long crc_update (char *p, size_t len, u_long res); diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 408321562..29c22bbb6 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c 
@@ -1,82 +1,316 @@ #include <krb5_locl.h> #include <krb5_error.h> +#include <md4.h> /* * */ + + +static krb5_error_code +key_proc (krb5_context context, + krb5_keytype type, + krb5_data *salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) +{ + *key = malloc (sizeof (**key)); + if (*key == NULL) + return ENOMEM; + (*key)->keytype = type; + (*key)->contents.length = 8; + (*key)->contents.data = malloc(8); + memcpy((*key)->contents.data, keyseed, 8); + return 0; +} + +int +extract_ticket(krb5_context context, + krb5_kdc_rep *rep, + krb5_creds **creds, + krb5_key_proc key_proc, + krb5_const_pointer keyseed, + krb5_decrypt_proc decrypt_proc, + krb5_const_pointer decryptarg); + + krb5_error_code krb5_get_credentials (krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds *in_creds, - krb5_creds *out_creds) + krb5_creds **out_creds) { - return 17; + krb5_error_code err; + TGS_REQ a; + Authenticator auth; + krb5_data authenticator; + Checksum c; + AP_REQ ap; + krb5_kdc_rep rep; + KRB_ERROR error; + krb5_data req, resp; + char buf[BUFSIZ]; + int i; + unsigned char data[1024], buf2[1024]; + int len; + + PA_DATA foo; + + + des_key_schedule schedule; + des_cblock key; + + /* + * XXX - Check if cred found in ccache + */ + + /* + * Prepare Tgs_Req. 
+ */ + + err = krb5_get_default_in_tkt_etypes (context, + (krb5_enctype**)&a.req_body.etype.val); + if (err) + return err; + a.req_body.etype.len = 1; + + + a.req_body.addresses = malloc(sizeof(*a.req_body.addresses)); + + err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); + if (err) + return err; + + a.pvno = 5; + a.msg_type = krb_tgs_req; + memset (&a.req_body.kdc_options, 0, sizeof(a.req_body.kdc_options)); + /* a.kdc_options */ + + a.req_body.realm = malloc(in_creds->server->realm.length + 1); + strncpy (a.req_body.realm, in_creds->server->realm.data, + in_creds->server->realm.length); + a.req_body.realm[in_creds->server->realm.length] = '\0'; + + a.req_body.sname = malloc(sizeof(*a.req_body.sname)); + krb5_principal2principalname(a.req_body.sname, in_creds->server); + a.req_body.from = NULL; + a.req_body.till = in_creds->times.endtime; + a.req_body.rtime = NULL; + a.req_body.nonce = getpid(); + a.req_body.additional_tickets = NULL; + a.req_body.enc_authorization_data = NULL; + + { + char buf[1024]; + int len; + struct md4 m; + Checksum c; + + len = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), + &a.req_body); + md4_init(&m); + md4_update(&m, buf + sizeof(buf) - len, len); + c.cksumtype = rsa_md4; + c.checksum.length = 16; + c.checksum.data = malloc(16); + md4_finito(&m, c.checksum.data); + krb5_build_authenticator (context, in_creds->client, + &c, NULL, &authenticator); + } + +#if 0 + { + struct timeval tv; + auth.authenticator_vno = 5; + krb5_cc_get_principal(context, ccache, &out_creds->client); + + auth.crealm = malloc(out_creds->client->realm.length + 1); + strncpy (auth.crealm, out_creds->client->realm.data, + out_creds->client->realm.length); + auth.crealm[out_creds->client->realm.length] = 0; + krb5_principal2principalname(&auth.cname, out_creds->client); + gettimeofday(&tv, NULL); + { + char buf[1024]; + int len; + struct md4 m; + len = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), + &a.req_body); + 
md4_init(&m); + md4_update(&m, buf + sizeof(buf) - len, len); + c.cksumtype = rsa_md4; + c.checksum.length = 16; + c.checksum.data = malloc(16); + md4_finito(&m, c.checksum.data); + auth.cksum = &c; + } + auth.cusec = tv.tv_usec; + auth.ctime = tv.tv_sec; + auth.subkey = NULL; + auth.seq_number = NULL; + auth.authorization_data = NULL; + + } +#endif + +#if 0 + /* +AP-REQ ::= [APPLICATION 14] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + ap-options[2] APOptions, + ticket[3] Ticket, + authenticator[4] EncryptedData } +*/ + { + krb5_creds cred, mcred; + ap.pvno = 5; + ap.msg_type = krb_ap_req; + memset(&ap.ap_options, 0, sizeof(ap.ap_options)); + /* ap.ap_options.use_session_key = 1;*/ + krb5_build_principal(context, &mcred.server, + out_creds->client.realm.length, + out_creds->client.realm.data, + "krbtgt", a.req_body.realm, NULL); + krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); + + /* + tkt-vno[0] INTEGER, + realm[1] Realm, + sname[2] PrincipalName, + enc-part[3] EncryptedData + */ + ap.ticket.tkt_vno = 5; + ap.ticket.realm = (char*)malloc(cred.server->realm.length + 1); + strncpy(ap.ticket.realm, cred.server->realm.data, + cred.server->realm.length); + ap.ticket.realm[cred.server->realm.length] = 0; + krb5_principal2principalname(&ap.ticket.sname, cred.server); + + { + Ticket t; + decode_Ticket(cred.ticket.data, + cred.ticket.length, + &t); + + ap.ticket.enc_part.etype = t.enc_part.etype; + ap.ticket.enc_part.kvno = NULL; + ap.ticket.enc_part.cipher = t.enc_part.cipher; + } + memcpy(&key, cred.session.contents.data, sizeof(key)); + des_set_key(cred.session.contents.data, schedule); + } +#endif + #if 0 + { + u_int32_t crc; + unsigned char *p; - krb5_error_code err; - Tgs_Req a; - krb5_kdc_rep rep; - krb5_data req, resp; - char buf[BUFSIZ]; - int i; - Buffer buffer; + memset(data, 0, sizeof(data)); + len = encode_Authenticator(data + sizeof(data) - 9, + sizeof(data) - 8 - 12, &auth); + p = data + sizeof(data) - 8 - len; + + p -= 12; + len += 12; 
+ len = (len + 7) & ~7; + crc_init_table(); + crc = crc_update(p, len, 0); + /* crc = htonl(crc); */ + memcpy(p + 8, &crc, 4); +#if 0 + des_cbc_encrypt((void*)p, (void*)p, len, schedule, &key, DES_ENCRYPT); +#endif +#if 0 + ap.authenticator.etype = ap.ticket.enc_part.etype; + ap.authenticator.kvno = NULL; + ap.authenticator.cipher.data = p; /* p */ + ap.authenticator.cipher.length = len; /* len */ +#endif - /* - * XXX - Check if cred found in ccache - */ + authenticator.data = p; + authenticator.length = len; + } +#endif - /* - * Prepare Tgs_Req. - */ + { + krb5_creds cred, mcred; - err = krb5_get_default_in_tkt_etypes (context, &a.etypes); - if (err) - return err; - a.num_etypes = 1; + krb5_build_principal(context, &mcred.server, + in_creds->client->realm.length, + in_creds->client->realm.data, + "krbtgt", a.req_body.realm, NULL); + krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); + memcpy(&key, cred.session.contents.data, sizeof(key)); - err = krb5_get_all_client_addrs (&a.addrs); - if (err) + foo.padata_type = pa_tgs_req; + err = krb5_build_ap_req(context, &cred, + 0, + authenticator, + &foo.padata_value); + if(err) return err; + } - a.pvno = 5; - a.msg_type = KRB_TGS_REQ; - memset (&a.kdc_options, 0, sizeof(a.kdc_options)); - /* a.kdc_options */ - a.realm.length = 0; - krb5_data_copy (&a.realm, in_creds->server->realm.data, - in_creds->server->realm.length); - krb5_copy_principal (context, in_creds->server, &a.sname); - a.till = in_creds->times.endtime; - a.nonce = 17; - a.cname = NULL; - - /* - * Encode - */ - - req.length = der_put_as_req (buf + sizeof (buf) - 1, &a); - req.data = buf + sizeof(buf) - req.length; - - for (i = 0; i < a.addrs.number; ++i) - krb5_data_free (&a.addrs.addrs[i].address); - free (a.addrs.addrs); - - /* - * Send and receive - */ - - err = krb5_sendto_kdc (context, &req, &a.realm, &resp); - if (err) { - return err; - } - buf_init (&buffer, resp.data, resp.length); - if (der_get_tgs_rep (&buffer, &rep) == -1) { - return 
ASN1_PARSE_ERROR; - } + a.padata = malloc(sizeof(*a.padata)); + a.padata->len = 1; + a.padata->val = &foo; -} +#if 0 + foo.padata_value.length = encode_AP_REQ(buf2 + sizeof(buf2) - 1, + sizeof(buf2), &ap); + foo.padata_value.data = buf2 + sizeof(buf2) - foo.padata_value.length; + a.padata = malloc(sizeof(*a.padata)); + a.padata->len = 1; + a.padata->val = &foo; #endif + + /* + * Encode + */ + + req.length = encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf), &a); + req.data = buf + sizeof(buf) - req.length; + + for (i = 0; i < a.req_body.addresses->len; ++i) + krb5_data_free (&a.req_body.addresses->val[i].address); + free (a.req_body.addresses->val); + + /* + * Send and receive + */ + + { + TGS_REQ xx; + decode_TGS_REQ (req.data, req.length, &xx); + req.length = req.length; + } + + err = krb5_sendto_kdc (context, &req, &in_creds->server->realm, &resp); + if (err) { + return err; + } + switch(((unsigned char*)resp.data)[0] & 0x1f){ + case krb_error: + len = decode_TGS_REP(resp.data, resp.length, &error); + if(len < 0) + return ASN1_PARSE_ERROR; + break; + case krb_tgs_rep: + len = decode_TGS_REP(resp.data, resp.length, &rep.part1); + if(len < 0) + return ASN1_PARSE_ERROR; + out_creds = malloc(sizeof(*out_creds)); + *out_creds = NULL; + err = extract_ticket(context, &rep, *out_creds, key_proc, key, NULL, NULL); + if(err) + return err; + return krb5_cc_store_cred (context, ccache, out_creds); + break; + } +} diff --git a/lib/krb5/get_host_realm.c b/lib/krb5/get_host_realm.c new file mode 100644 index 000000000..a1f61dc60 --- /dev/null +++ b/lib/krb5/get_host_realm.c @@ -0,0 +1,12 @@ +#include "krb5_locl.h" + +krb5_error_code +krb5_get_host_realm(krb5_context context, + const char *host, + char ***realms) +{ + *realms = malloc(2 * sizeof(char*)); + (*realms)[0] = strdup("FOO.SE"); + (*realms)[1] = NULL; + return 0; +} diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 2faa45e60..98ec0e9ea 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c 
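Review bot: In the `krb_tgs_rep` branch of krb5_get_credentials the caller's `out_creds` argument is overwritten with a pointer-sized allocation, `*out_creds` is set to NULL, and that NULL is passed to extract_ticket, whose definition in lib/krb5/get_in_tkt.c takes a `krb5_creds *` and writes through it at once. The caller never receives the credential, and krb5_cc_store_cred is handed the `krb5_creds **`. The local prototype of extract_ticket declares `krb5_creds **creds`, which hides the mismatch from the compiler and should read `krb5_creds *creds`. The `krb_error` branch decodes into a `KRB_ERROR` with decode_TGS_REP and then falls off the end of a non-void function, as does any other tag value. A possible shape for the switch is below.

```c
    switch(((unsigned char*)resp.data)[0] & 0x1f){
    /* … case krb_error: decode the error reply and return its code instead of break … */
    case krb_tgs_rep: {
        krb5_creds *cred;

        /* … unchanged: decode_TGS_REP into rep.part1 and its length check … */
        cred = malloc(sizeof(*cred));
        if(cred == NULL)
            return ENOMEM;
        memset(cred, 0, sizeof(*cred));
        err = extract_ticket(context, &rep, cred, key_proc, key, NULL, NULL);
        if(err){
            free(cred);
            return err;
        }
        *out_creds = cred;
        return krb5_cc_store_cred (context, ccache, cred);
    }
    default:
        /* unexpected message type: fail instead of falling off the end */
        return ASN1_PARSE_ERROR;
    }
```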
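Review bot: krb5_get_host_realm in lib/krb5/get_host_realm.c writes through the result of `malloc` without a check and ignores a failed `strdup`, so running out of memory becomes a NULL write or a list whose first entry is NULL and reads as empty. Add `if (*realms == NULL) return ENOMEM;` after the allocation and the same test, with a `free`, after the `strdup`. `host` is unused and every host maps to the literal "FOO.SE"; a comment such as `/* XXX placeholder: realm is hard-coded, host is ignored */` would keep this from being mistaken for a real lookup, since the realm returned here presumably decides which KDC is contacted for the host.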
@@ -6,25 +6,25 @@ krb5_get_salt (krb5_principal princ, krb5_data realm, krb5_data *salt) { - size_t len; - int i; - krb5_error_code err; - char *p; + size_t len; + int i; + krb5_error_code err; + char *p; - len = realm.length; - for (i = 0; i < princ->ncomp; ++i) - len += princ->comp[i].length; - err = krb5_data_alloc (salt, len); - if (err) - return err; - p = salt->data; - strncpy (p, realm.data, realm.length); - p += realm.length; - for (i = 0; i < princ->ncomp; ++i) { - strncpy (p, princ->comp[i].data, princ->comp[i].length); - p += princ->comp[i].length; - } - return 0; + len = realm.length; + for (i = 0; i < princ->ncomp; ++i) + len += princ->comp[i].length; + err = krb5_data_alloc (salt, len); + if (err) + return err; + p = salt->data; + strncpy (p, realm.data, realm.length); + p += realm.length; + for (i = 0; i < princ->ncomp; ++i) { + strncpy (p, princ->comp[i].data, princ->comp[i].length); + p += princ->comp[i].length; + } + return 0; } static krb5_error_code 
@@ -33,28 +33,28 @@ decrypt_tkt (krb5_context context, krb5_const_pointer decrypt_arg, krb5_kdc_rep *dec_rep) { - des_key_schedule sched; - char *buf; - int i; - int len = dec_rep->part1.enc_part.cipher.length; + des_key_schedule sched; + char *buf; + int i; + int len = dec_rep->part1.enc_part.cipher.length; - des_set_key (key->contents.data, sched); - buf = malloc (len); - if (buf == NULL) - return ENOMEM; - des_cbc_encrypt ((des_cblock *)dec_rep->part1.enc_part.cipher.data, - (des_cblock *)buf, - len, - sched, - key->contents.data, - DES_DECRYPT); - /* XXX: Check CRC */ + des_set_key (key->contents.data, sched); + buf = malloc (len); + if (buf == NULL) + return ENOMEM; + des_cbc_encrypt ((des_cblock *)dec_rep->part1.enc_part.cipher.data, + (des_cblock *)buf, + len, + sched, + key->contents.data, + DES_DECRYPT); + /* XXX: Check CRC */ - i = decode_EncTGSRepPart((unsigned char*)buf + 12, len - 12, &dec_rep->part2); - free (buf); - if (i < 0) - return ASN1_PARSE_ERROR; - return 0; + i = decode_EncTGSRepPart((unsigned char*)buf + 12, len - 12, &dec_rep->part2); + free (buf); + if (i < 0) + return ASN1_PARSE_ERROR; + return 0; } /* 
@@ -65,38 +65,149 @@ krb5_error_code krb5_principal2principalname (PrincipalName *p, krb5_principal from) { - int i; + int i; - p->name_type = from->type; - p->name_string.len = from->ncomp; - p->name_string.val = malloc(from->ncomp * sizeof(*p->name_string.val)); - for (i = 0; i < from->ncomp; ++i) { - int len = from->comp[i].length; - p->name_string.val[i] = malloc(len + 1); - strncpy (p->name_string.val[i], from->comp[i].data, len); - p->name_string.val[i][len] = '\0'; - } - return 0; + p->name_type = from->type; + p->name_string.len = from->ncomp; + p->name_string.val = malloc(from->ncomp * sizeof(*p->name_string.val)); + for (i = 0; i < from->ncomp; ++i) { + int len = from->comp[i].length; + p->name_string.val[i] = malloc(len + 1); + strncpy (p->name_string.val[i], from->comp[i].data, len); + p->name_string.val[i][len] = '\0'; + } + return 0; } krb5_error_code -principalname2krb5_principal (krb5_principal p, +principalname2krb5_principal (krb5_principal *principal, PrincipalName from, - krb5_data realm) + char *realm) { - int i; + int i; + krb5_principal p; + p = malloc (sizeof(*p)); + p->type = from.name_type; + p->ncomp = from.name_string.len; + p->comp = malloc (p->ncomp * sizeof(*p->comp)); + for (i = 0; i < p->ncomp; ++i) { + int len = strlen(from.name_string.val[i]); + p->comp[i].length = len; + p->comp[i].data = strdup(from.name_string.val[i]); + } + p->realm.data = strdup(realm); + p->realm.length = strlen(realm); + *principal = p; + return 0; +} + + +int +extract_ticket(krb5_context context, + krb5_kdc_rep *rep, + krb5_creds *creds, + krb5_key_proc key_proc, + krb5_const_pointer keyseed, + krb5_decrypt_proc decrypt_proc, + krb5_const_pointer decryptarg) +{ + krb5_keyblock *key; + krb5_error_code err; + krb5_data salt; + + principalname2krb5_principal(&creds->client, + rep->part1.cname, + rep->part1.crealm); + free (rep->part1.crealm); + /* krb5_principal_free (rep.part1.cname);*/ + { + char buf[1024]; + int len; + len = encode_Ticket(buf + sizeof(buf) 
- 1, sizeof(buf), + &rep->part1.ticket); + creds->ticket.data = malloc(len); + memcpy(creds->ticket.data, buf + sizeof(buf) - len, len); + creds->ticket.length = len; + creds->second_ticket.length = 0; + } + /* krb5_free_principal (rep->part1.ticket.sprinc);*/ + + salt.length = 0; + salt.data = NULL; + err = krb5_get_salt (creds->client, creds->client->realm, &salt); + + if (err) + return err; + + err = (*key_proc)(context, rep->part1.enc_part.etype, &salt, + keyseed, &key); + krb5_data_free (&salt); + if (err) + return err; + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + + err = (*decrypt_proc)(context, key, decryptarg, rep); + if (err) + return err; + memset (key->contents.data, 0, key->contents.length); + krb5_data_free (&key->contents); + free (key); + + principalname2krb5_principal(&creds->server, + rep->part1.ticket.sname, + rep->part1.ticket.realm); + + if (rep->part2.key_expiration) + free (rep->part2.key_expiration); + if (rep->part2.starttime) { + creds->times.starttime = *rep->part2.starttime; + free (rep->part2.starttime); + } else + creds->times.starttime = rep->part2.authtime; + if (rep->part2.renew_till) { + creds->times.renew_till = *rep->part2.renew_till; + free (rep->part2.renew_till); + } else + creds->times.renew_till = 0; + creds->times.authtime = rep->part2.authtime; + creds->times.endtime = rep->part2.endtime; + creds->addresses.number = 0; + creds->addresses.addrs = NULL; +#if 0 /* What? 
*/ + if (rep->part2.req.values) + free (rep->part2.req.values); +#endif +#if 0 + if (rep->part2.caddr.addrs) { + int i; + + for (i = 0; i < rep->part2.caddr.number; ++i) { + krb5_data_free (&rep->part2.caddr.addrs[i].address); + } + free (rep->part2.caddr.addrs); + } + krb5_principal_free (rep->part2.sname); + krb5_data_free (&rep->part2.srealm); +#endif + + if (err) + return err; + + creds->session.contents.length = 0; + creds->session.contents.data = NULL; + creds->session.keytype = rep->part2.key.keytype; + err = krb5_data_copy (&creds->session.contents, + rep->part2.key.keyvalue.data, + rep->part2.key.keyvalue.length); + memset (rep->part2.key.keyvalue.data, 0, + rep->part2.key.keyvalue.length); + krb5_data_free (&rep->part2.key.keyvalue); + creds->authdata.length = 0; + creds->authdata.data = NULL; - p = malloc (sizeof(*p)); - p->type = from.name_type; - p->ncomp = from.name_string.len; - p->comp = malloc (p->ncomp * sizeof(*p->comp)); - for (i = 0; i < p->ncomp; ++i) { - int len = strlen(from.name_string.val[i]) + 1; - p->comp[i].length = len; - p->comp[i].data = strdup(from.name_string.val[i]); - } - p->realm = realm; - return 0; + return err; } /* 
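Review bot: In extract_ticket the result of `encode_Ticket` is used as an allocation size and copy length without a sign check, although the ticket comes from the KDC reply and the encoder works in a fixed 1024-byte buffer; krb5_get_in_tkt in this file already treats a negative encoder result as an error. Add `if (len < 0) return ASN1_PARSE_ERROR;` before `malloc(len)` and test the `malloc` result before the `memcpy`. The early `return err` after `(*decrypt_proc)(...)` also skips the `memset`/`free` of `key`, so after a failed decryption the key stays in heap memory unwiped; do the wipe before testing `err`. principalname2krb5_principal in the same hunk has the same unchecked `malloc`/`strdup` pattern.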
@@ -117,155 +228,72 @@ krb5_get_in_tkt(krb5_context context, krb5_ccache ccache, krb5_kdc_rep **ret_as_reply) { - krb5_error_code err; - AS_REQ a; - krb5_kdc_rep rep; - krb5_data req, resp; - char buf[BUFSIZ]; - krb5_data salt; - krb5_keyblock *key; - - a.pvno = 5; - a.msg_type = krb_as_req; - memset (&a.req_body.kdc_options, 0, sizeof(a.req_body.kdc_options)); -/* a.kdc_options */ - a.req_body.cname = malloc(sizeof(*a.req_body.cname)); - a.req_body.sname = malloc(sizeof(*a.req_body.sname)); - krb5_principal2principalname (a.req_body.cname, creds->client); - krb5_principal2principalname (a.req_body.sname, creds->server); - a.req_body.realm = malloc(creds->client->realm.length + 1); - strncpy (a.req_body.realm, creds->client->realm.data, - creds->client->realm.length); - a.req_body.realm[creds->client->realm.length] = '\0'; - - a.req_body.till = creds->times.endtime; - a.req_body.nonce = 17; - if (etypes) - abort (); - else { - err = krb5_get_default_in_tkt_etypes (context, - (krb5_enctype**)&a.req_body.etype.val); - if (err) - return err; - a.req_body.etype.len = 1; - } - if (addrs){ - } else { - a.req_body.addresses = malloc(sizeof(*a.req_body.addresses)); + krb5_error_code err; + AS_REQ a; + krb5_kdc_rep rep; + krb5_data req, resp; + char buf[BUFSIZ]; - err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); - if (err) - return err; - } - a.req_body.enc_authorization_data = NULL; - a.req_body.additional_tickets = NULL; - a.padata = NULL; + a.pvno = 5; + a.msg_type = krb_as_req; + memset (&a.req_body.kdc_options, 0, sizeof(a.req_body.kdc_options)); + /* a.kdc_options */ + a.req_body.cname = malloc(sizeof(*a.req_body.cname)); + a.req_body.sname = malloc(sizeof(*a.req_body.sname)); + krb5_principal2principalname (a.req_body.cname, creds->client); + krb5_principal2principalname (a.req_body.sname, creds->server); + a.req_body.realm = malloc(creds->client->realm.length + 1); + strncpy (a.req_body.realm, creds->client->realm.data, + 
creds->client->realm.length); + a.req_body.realm[creds->client->realm.length] = '\0'; - req.length = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, - sizeof(buf), - &a); - if (req.length < 0) - return ASN1_PARSE_ERROR; - req.data = buf + sizeof(buf) - req.length; - if (addrs == NULL) { - int i; + a.req_body.till = creds->times.endtime; + a.req_body.nonce = 17; + if (etypes) + abort (); + else { + err = krb5_get_default_in_tkt_etypes (context, + (krb5_enctype**)&a.req_body.etype.val); + if (err) + return err; + a.req_body.etype.len = 1; + } + if (addrs){ + } else { + a.req_body.addresses = malloc(sizeof(*a.req_body.addresses)); - for (i = 0; i < a.req_body.addresses->len; ++i) - krb5_data_free (&a.req_body.addresses->val[i].address); - free (a.req_body.addresses->val); - } + err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); + if (err) + return err; + } + a.req_body.enc_authorization_data = NULL; + a.req_body.additional_tickets = NULL; + a.padata = NULL; - err = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); - if (err) { - return err; - } - if(decode_AS_REP(resp.data, resp.length, &rep.part1) < 0) - return ASN1_PARSE_ERROR; - - free (rep.part1.crealm); - /* krb5_principal_free (rep.part1.cname);*/ - creds->ticket.kvno = rep.part1.ticket.tkt_vno; - creds->ticket.etype = rep.part1.enc_part.etype; - creds->ticket.enc_part.length = 0; - creds->ticket.enc_part.data = NULL; - krb5_data_copy (&creds->ticket.enc_part, - rep.part1.ticket.enc_part.cipher.data, - rep.part1.ticket.enc_part.cipher.length); - krb5_data_free (&rep.part1.ticket.enc_part.cipher); - - principalname2krb5_principal (creds->ticket.sprinc, - rep.part1.ticket.sname, - creds->client->realm); - /* krb5_free_principal (rep.part1.ticket.sprinc);*/ - - salt.length = 0; - salt.data = NULL; - err = krb5_get_salt (creds->client, creds->client->realm, &salt); - if (err) - return err; - err = (*key_proc)(context, rep.part1.enc_part.etype, &salt, - keyseed, &key); - 
krb5_data_free (&salt); - if (err) - return err; - - if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - - err = (*decrypt_proc)(context, key, decryptarg, &rep); - if (err) - return err; - memset (key->contents.data, 0, key->contents.length); - krb5_data_free (&key->contents); - free (key); - if (rep.part2.key_expiration) - free (rep.part2.key_expiration); - if (rep.part2.starttime) { - creds->times.starttime = *rep.part2.starttime; - free (rep.part2.starttime); - } else - creds->times.starttime = rep.part2.authtime; - if (rep.part2.renew_till) { - creds->times.renew_till = *rep.part2.renew_till; - free (rep.part2.renew_till); - } else - creds->times.renew_till = rep.part2.endtime; - creds->times.authtime = rep.part2.authtime; - creds->times.endtime = rep.part2.endtime; -#if 0 /* What? */ - if (rep.part2.req.values) - free (rep.part2.req.values); -#endif -#if 0 - if (rep.part2.caddr.addrs) { - int i; - - for (i = 0; i < rep.part2.caddr.number; ++i) { - krb5_data_free (&rep.part2.caddr.addrs[i].address); - } - free (rep.part2.caddr.addrs); - } - krb5_principal_free (rep.part2.sname); - krb5_data_free (&rep.part2.srealm); -#endif - - if (err) - return err; + req.length = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, + sizeof(buf), + &a); + if (req.length < 0) + return ASN1_PARSE_ERROR; + req.data = buf + sizeof(buf) - req.length; + if (addrs == NULL) { + int i; - creds->session.contents.length = 0; - creds->session.contents.data = NULL; - creds->session.keytype = rep.part2.key.keytype; - err = krb5_data_copy (&creds->session.contents, - rep.part2.key.keyvalue.data, - rep.part2.key.keyvalue.length); - memset (rep.part2.key.keyvalue.data, 0, - rep.part2.key.keyvalue.length); - krb5_data_free (&rep.part2.key.keyvalue); - creds->authdata.length = 0; - creds->authdata.data = NULL; + for (i = 0; i < a.req_body.addresses->len; ++i) + krb5_data_free (&a.req_body.addresses->val[i].address); + free (a.req_body.addresses->val); + } - if (err) - return err; + err = 
krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); + if (err) { + return err; + } + if(decode_AS_REP(resp.data, resp.length, &rep.part1) < 0) + return ASN1_PARSE_ERROR; - return krb5_cc_store_cred (context, ccache, creds); + err = extract_ticket(context, &rep, creds, key_proc, keyseed, + decrypt_proc, decryptarg); + if(err) + return err; + return krb5_cc_store_cred (context, ccache, creds); } diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c new file mode 100644 index 000000000..f8e00232e --- /dev/null +++ b/lib/krb5/keytab.c 
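Review bot: The request nonce in krb5_get_in_tkt is the constant `a.req_body.nonce = 17;`, and nothing in the visible code compares the nonce in the decrypted reply with the one sent, so the nonce does not tie a reply to this request and a recorded reply would not be told apart from a fresh one. krb5_get_credentials in lib/krb5/get_cred.c uses `getpid()`, which is just as guessable. Fill the nonce from a random source per request and reject the reply, in extract_ticket or right after it, when the values differ. Separately, the `return err` paths after krb5_get_default_in_tkt_etypes and krb5_get_all_client_addrs leave `a.req_body.cname`, `sname` and `realm` allocated. The function signature starts above the hunk.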
@@ -0,0 +1,124 @@ +#include "krb5_locl.h" + +krb5_error_code +krb5_kt_resolve(krb5_context context, + const char *name, + krb5_keytab *id) +{ + krb5_keytab k; + + if (strncmp (name, "FILE:", 5) != 0) + return -1; + + k = ALLOC(1, krb5_keytab); + if (k == NULL) + return ENOMEM; + k->filename = strdup(name + 5); + if (k->filename == NULL) + return ENOMEM; + *id = k; + return 0; +} + +#define KEYTAB_DEFAULT "FILE:/etc/v5srvtab" + +krb5_error_code +krb5_kt_default_name(krb5_context context, + char *name, + int namesize) +{ + strncpy (name, KEYTAB_DEFAULT, namesize); + return 0; +} + +krb5_error_code +krb5_kt_default(krb5_context context, + krb5_keytab *id) +{ + return krb5_kt_resolve (context, KEYTAB_DEFAULT, id); +} + +krb5_error_code +krb5_kt_read_service_key(krb5_context context, + krb5_pointer keyprocarg, + krb5_principal principal, + krb5_kvno vno, + krb5_keytype keytype, + krb5_keyblock **key) +{ + krb5_keytab keytab; + krb5_keytab_entry entry; + krb5_error_code r; + + if (keyprocarg) + r = krb5_kt_resolve (context, keyprocarg, &keytab); + else + r = krb5_kt_default (context, &keytab); + + r = krb5_kt_get_entry (context, keytab, principal, vno, keytype, &entry); + + krb5_kt_close (context, keytab); + return r; +} + +krb5_error_code +krb5_kt_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + abort (); +} + +krb5_error_code +krb5_kt_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + abort (); +} + +krb5_error_code +krb5_kt_get_name(krb5_context context, + krb5_keytab keytab, + char *name, + int namesize) +{ + strncpy (name, keytab->filename, namesize); + return 0; +} + +krb5_error_code +krb5_kt_close(krb5_context context, + krb5_keytab id) +{ + +} + +krb5_error_code +krb5_kt_get_entry(krb5_context, + krb5_keytab, + krb5_principal, + krb5_kvno, + krb5_keytype, + krb5_keytab_entry *); + +krb5_error_code +krb5_kt_free_entry(krb5_context, + krb5_keytab_entry *); + +krb5_error_code 
+krb5_kt_start_seq_get(krb5_context, + krb5_keytab id, + krb5_kt_cursor *); + +krb5_error_code +krb5_kt_next_entry(krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *); + +krb5_error_code +krb5_kt_end_seq_get(krb5_context, + krb5_keytab, + krb5_kt_cursor *); + diff --git a/lib/krb5/keytab.h b/lib/krb5/keytab.h new file mode 100644 index 000000000..4dc7980da --- /dev/null +++ b/lib/krb5/keytab.h @@ -0,0 +1,74 @@ +#ifndef __KEYTAB_H__ +#define __KEYTAB_H__ + +#if 0 +krb5_error_code +krb5_kt_register(krb5_context, krb5_kt_ops *); +#endif + +krb5_error_code +krb5_kt_resolve(krb5_context, const char *, krb5_keytab *id); + +krb5_error_code +krb5_kt_default_name(krb5_context, char *name, int namesize); + +krb5_error_code +krb5_kt_default(krb5_context, krb5_keytab *id); + +krb5_error_code +krb5_kt_read_service_key(krb5_context, + krb5_pointer keyprocarg, + krb5_principal principal, + krb5_kvno vno, + krb5_keytype keytype, + krb5_keyblock **key); + +krb5_error_code +krb5_kt_add_entry(krb5_context, + krb5_keytab id, + krb5_keytab_entry *entry); + +krb5_error_code +krb5_kt_remove_entry(krb5_context, + krb5_keytab id, + krb5_keytab_entry *entry); + +krb5_error_code +krb5_kt_get_name(krb5_context, + krb5_keytab, + char *name, + int namesize); + +krb5_error_code +krb5_kt_close(krb5_context, + krb5_keytab id); + +krb5_error_code +krb5_kt_get_entry(krb5_context, + krb5_keytab, + krb5_principal, + krb5_kvno, + krb5_keytype, + krb5_keytab_entry *); + +krb5_error_code +krb5_kt_free_entry(krb5_context, + krb5_keytab_entry *); + +krb5_error_code +krb5_kt_start_seq_get(krb5_context, + krb5_keytab id, + krb5_kt_cursor *); + +krb5_error_code +krb5_kt_next_entry(krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *); + +krb5_error_code +krb5_kt_end_seq_get(krb5_context, + krb5_keytab, + krb5_kt_cursor *); + +#endif /* __KEYTAB_H__ */ diff --git a/lib/krb5/krb5.h b/lib/krb5/krb5.h index aa360a364..4a51865aa 100644 --- a/lib/krb5/krb5.h 
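Review bot: krb5_kt_read_service_key in lib/krb5/keytab.c overwrites `r` from krb5_kt_resolve/krb5_kt_default with the result of krb5_kt_get_entry, so after a failed resolve the uninitialised `keytab` is passed to krb5_kt_get_entry and krb5_kt_close; add `if (r) return r;` before the lookup. The function also never stores anything in `*key`, so a caller that sees 0 reads an unset pointer. krb5_kt_close has an empty body although it returns krb5_error_code, which makes the value callers see undefined and leaves `filename` and the handle allocated. krb5_kt_default_name and krb5_kt_get_name use `strncpy(name, ..., namesize)`, which leaves `name` unterminated when the source is `namesize` bytes or longer, and krb5_kt_resolve leaks `k` when `strdup` fails.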
+++ b/lib/krb5/krb5.h @@ -28,7 +28,7 @@ typedef int krb5_boolean; typedef int32_t krb5_error_code; - +typedef int krb5_kvno; typedef void *krb5_pointer; typedef const void *krb5_const_pointer; @@ -70,17 +70,22 @@ typedef enum krb5_preauthtype { typedef enum krb5_address_type { - KRB5_ADDRESS_INET = 2 + KRB5_ADDRESS_INET = 2 } krb5_address_type; +enum { + AP_OPTS_USE_SESSION_KEY = 1, + AP_OPTS_MUTUAL_REQUIRED = 2 +}; + typedef struct krb5_address{ - krb5_address_type type; - krb5_data address; + int16_t type; + krb5_data address; } krb5_address; typedef struct krb5_addresses { - int number; - krb5_address *addrs; + int number; + krb5_address *addrs; } krb5_addresses; typedef enum krb5_keytype { KEYTYPE_DES } krb5_keytype; @@ -130,28 +135,27 @@ typedef const krb5_principal_data *krb5_const_principal; typedef krb5_data krb5_realm; -typedef struct krb5_ticket{ - int kvno; - krb5_principal sprinc; - krb5_data enc_part; - krb5_data enc_part2; - krb5_enctype etype; -}krb5_ticket; +typedef struct krb5_ticket { + krb5_principal server; + krb5_data enc_part; + krb5_data enc_part2; +} krb5_ticket; + #define KRB5_PARSE_MALFORMED 17 #define KRB5_PROG_ETYPE_NOSUPP 4711 typedef struct krb5_creds { - krb5_principal client; - krb5_principal server; - krb5_keyblock session; - krb5_times times; - krb5_ticket ticket; - - krb5_ticket second_ticket; /* ? */ - krb5_data authdata; /* ? */ - krb5_addresses addresses; - + krb5_principal client; + krb5_principal server; + krb5_keyblock session; + krb5_times times; + krb5_data ticket; + + krb5_data second_ticket; /* ? */ + krb5_data authdata; /* ? */ + krb5_addresses addresses; + } krb5_creds; 
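Review bot: The `krb5_creds` members `ticket` and `second_ticket` change from `krb5_ticket` to `krb5_data` in the last hunk on this line without a comment saying what the bytes are or who owns them. Going by extract_ticket in lib/krb5/get_in_tkt.c they hold the output of `encode_Ticket` in a `malloc`ed buffer, so something like `krb5_data ticket; /* encoded Ticket, malloc'ed, owned by the creds */` would help readers of the header. In the hunk before it, `krb5_address.type` becomes `int16_t` while the `krb5_address_type` enum is kept; a comment saying the field carries those enum values would keep the two from drifting apart.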
@@ -184,10 +188,19 @@ typedef struct krb5_cc_cursor{ int fd; }krb5_cc_cursor; -typedef struct krb5_keytab{ - int dummy; -}krb5_keytab; +struct krb5_keytab_data { + char *filename; +}; + +typedef struct krb5_keytab_data *krb5_keytab; +typedef struct krb5_keytab_entry { + int foo; +} krb5_keytab_entry; + +typedef struct krb5_kt_cursor { + int foo; +} krb5_kt_cursor; typedef struct krb5_auth_context{ int32_t flags; @@ -223,6 +236,14 @@ typedef struct { krb5_error_code krb5_init_context(krb5_context *context); +krb5_error_code +krb5_auth_con_init(krb5_context context, + krb5_auth_context **auth_context); + +krb5_error_code +krb5_auth_con_free(krb5_context context, + krb5_auth_context *auth_context, + krb5_flags flags); krb5_error_code krb5_get_cred_from_kdc(krb5_context, @@ -237,7 +258,7 @@ krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds *in_creds, - krb5_creds *out_creds); + krb5_creds **out_creds); typedef krb5_error_code (*krb5_key_proc)(krb5_context context, krb5_keytype type, @@ -299,6 +320,17 @@ krb5_rd_req(krb5_context context, krb5_flags *ap_req_options, krb5_ticket **ticket); +typedef EncAPRepPart krb5_ap_rep_enc_part; + +krb5_error_code +krb5_rd_rep(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl); + +void +krb5_free_ap_rep_enc_part (krb5_context context, + krb5_ap_rep_enc_part *val); krb5_error_code krb5_parse_name(krb5_context context, @@ -408,6 +440,7 @@ krb5_string_to_key (char *str, #include "cache.h" +#include "keytab.h" #endif /* __KRB5_H__ */ diff --git a/lib/krb5/krb5_locl.h b/lib/krb5/krb5_locl.h index deac9ebfa..4d308f574 100644 --- a/lib/krb5/krb5_locl.h +++ b/lib/krb5/krb5_locl.h 
@@ -57,7 +57,19 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *realm, krb5_data *receive); +krb5_error_code +krb5_build_ap_req (krb5_context context, + krb5_creds *cred, + krb5_flags ap_options, + krb5_data authenticator, + krb5_data *ret); +krb5_error_code +krb5_build_authenticator (krb5_context context, + krb5_principal client, + Checksum *cksum, + Authenticator **auth, + krb5_data *result); #define ALLOC(N, X) ((X*)malloc((N) * sizeof(X))) #define FREE(X) do{if(X)free(X);}while(0) diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c index 4c2aaf67a..78994a9a1 100644 --- a/lib/krb5/krbhst.c +++ b/lib/krb5/krbhst.c @@ -8,8 +8,12 @@ krb5_get_krbhst (krb5_context context, krb5_error_code err; char buf[BUFSIZ]; char *val; - - sprintf (buf, "realms %.*s kdc", (int)realm->length, (char*)realm->data); + + memset(buf, 0, sizeof(buf)); + strcpy(buf, "realms "); + strncat(buf, (char*)realm->data, realm->length); + strcat(buf, " kdc"); + err = krb5_get_config_tag (context->cf, buf, &val); if (err) return err; diff --git a/lib/krb5/mit-crc.c b/lib/krb5/mit-crc.c new file mode 100644 index 000000000..0c91b962e --- /dev/null +++ b/lib/krb5/mit-crc.c 
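Review bot: The new `strcpy`/`strncat`/`strcat` sequence in krb5_get_krbhst still does not bound the write to `buf`: the `realm->length` passed to `strncat` limits how much is read from the realm, not how much room is left in the BUFSIZ buffer, so a realm longer than the space after "realms " overruns the stack buffer, and the trailing `strcat` adds four more bytes. The realm may originate from a principal name supplied by the caller, so its length should be treated as untrusted. Check it first, e.g. `if (realm->length > sizeof(buf) - sizeof("realms  kdc")) return KRB5_PARSE_MALFORMED;` (or whichever error code fits), or format with a size-taking call and test for truncation. The function starts above the hunk and continues below it.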
@@ -0,0 +1,141 @@ +#include <krb5_locl.h> + +/* This table and block of comments are taken from code labeled: */ +/* + * Copyright (C) 1986 Gary S. Brown. You may use this program, or + * code or tables extracted from it, as desired without restriction. + */ + +/* First, the polynomial itself and its table of feedback terms. The */ +/* polynomial is */ +/* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 */ +/* Note that we take it "backwards" and put the highest-order term in */ +/* the lowest-order bit. The X^32 term is "implied"; the LSB is the */ +/* X^31 term, etc. The X^0 term (usually shown as "+1") results in */ +/* the MSB being 1. */ + +/* Note that the usual hardware shift register implementation, which */ +/* is what we're using (we're merely optimizing it by doing eight-bit */ +/* chunks at a time) shifts bits into the lowest-order term. In our */ +/* implementation, that means shifting towards the right. Why do we */ +/* do it this way? Because the calculated CRC must be transmitted in */ +/* order from highest-order term to lowest-order term. UARTs transmit */ +/* characters in order from LSB to MSB. By storing the CRC this way, */ +/* we hand it to the UART in the order low-byte to high-byte; the UART */ +/* sends each low-bit to hight-bit; and the result is transmission bit */ +/* by bit from highest- to lowest-order term without requiring any bit */ +/* shuffling on our part. Reception works similarly. */ + +/* The feedback terms table consists of 256, 32-bit entries. Notes: */ +/* */ +/* 1. The table can be generated at runtime if desired; code to do so */ +/* is shown later. It might not be obvious, but the feedback */ +/* terms simply represent the results of eight shift/xor opera- */ +/* tions for all combinations of data and CRC register values. */ +/* */ +/* 2. The CRC accumulation logic is the same for all CRC polynomials, */ +/* be they sixteen or thirty-two bits wide. You simply choose the */ +/* appropriate table. 
Alternatively, because the table can be */ +/* generated at runtime, you can start by generating the table for */ +/* the polynomial in question and use exactly the same "updcrc", */ +/* if your application needn't simultaneously handle two CRC */ +/* polynomials. (Note, however, that XMODEM is strange.) */ +/* */ +/* 3. For 16-bit CRCs, the table entries need be only 16 bits wide; */ +/* of course, 32-bit entries work OK if the high 16 bits are zero. */ +/* */ +/* 4. The values must be right-shifted by eight bits by the "updcrc" */ +/* logic; the shift must be unsigned (bring in zeroes). On some */ +/* hardware you could probably optimize the shift in assembler by */ +/* using byte-swap instructions. */ + +static u_long const crc_table[256] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, + 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, + 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, + 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, + 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, + 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, + 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, + 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, + 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, + 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, + 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, + 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, + 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, + 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, + 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, + 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, + 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 
0xd4bb30e2, + 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, + 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, + 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, + 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, + 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, + 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, + 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, + 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, + 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, + 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, + 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, + 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, + 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, + 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, + 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, + 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, + 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, + 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, + 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, + 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, + 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, + 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, + 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, + 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, + 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d + }; + + +void +crc_init_table() +{ +} 
+
+u_long
+crc_update(void *in, size_t in_length, u_long crc)
+{
+ u_char *data;
+ u_int32_t c = 0;
+ int idx;
+ size_t i;
+
+ data = (u_char *)in;
+ for (i = 0; i < in_length; i++) {
+ idx = (int) (data[i] ^ c);
+ idx &= 0xff;
+ c >>= 8;
+ c ^= crc_table[idx];
+ }
+ return c & 0xffffffff;
+}
diff --git a/lib/krb5/mk_req.c b/lib/krb5/mk_req.c
new file mode 100644
index 000000000..0d5c19d62
--- /dev/null
+++ b/lib/krb5/mk_req.c
@@ -0,0 +1,63 @@
+#include <krb5_locl.h>
+#include <krb5_error.h>
+
+krb5_error_code
+krb5_mk_req(krb5_context context,
+ krb5_auth_context **auth_context,
+ const krb5_flags ap_req_options,
+ char *service,
+ char *hostname,
+ krb5_data *in_data,
+ krb5_ccache ccache,
+ krb5_data *outbuf)
+{
+ krb5_error_code r;
+ krb5_creds this_cred, cred;
+ char **realms;
+ Authenticator *auth;
+ krb5_data realm_data, authenticator;
+
+ if (*auth_context == NULL) {
+ r = krb5_auth_con_init(context, auth_context);
+ if (r)
+ return r;
+ }
+
+ r = krb5_get_host_realm(context, hostname, &realms);
+ if (r)
+ return r;
+ realm_data.length = strlen(*realms);
+ realm_data.data = *realms;
+
+ r = krb5_build_principal (context, &this_cred.server,
+ strlen(*realms),
+ *realms,
+ service,
+ hostname,
+ NULL);
+ if (r)
+ return r;
+ this_cred.times.endtime = time (NULL) + 4711;
+
+ r = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
+ if (r)
+ return r;
+
+ (*auth_context)->key.keytype = cred.session.keytype;
+ krb5_data_copy (&(*auth_context)->key.contents,
+ cred.session.contents.data,
+ cred.session.contents.length);
+
+ r = krb5_build_authenticator (context, cred.client,
+ NULL, &auth,
+ &authenticator);
+ if (r)
+ return r;
+
+ (*auth_context)->authenticator->cusec = auth->cusec;
+ (*auth_context)->authenticator->ctime = auth->ctime;
+
+ r = krb5_build_ap_req (context, &cred, ap_req_options,
+ authenticator, outbuf);
+ return r;
+}
diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c
index ae3a6b9b8..9fcfb97de 100644
--- a/lib/krb5/principal.c
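Review bot: `crc_update` at the end of mit-crc.c never reads its `crc` argument. `u_int32_t c = 0;` restarts the register on every call, so a caller that feeds a message in pieces, or passes a non-zero seed, gets the checksum of the last piece only. Seed the register from the parameter, `u_int32_t c = crc;`, and have one-shot callers pass 0. A short comment on the function should state that the table is a plain CRC-32 with no pre- or post-inversion and that the result is an error-detection code, not a keyed integrity check. `crc_init_table()` is an empty old-style definition; `void crc_init_table(void)` with a note that the table is static would make that explicit.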
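Review bot: In mk_req.c, `krb5_get_credentials` is called with `&cred` where `cred` is a `krb5_creds` object, while the krb5.h hunk of this same commit changes that parameter to `krb5_creds **out_creds`. If the callee now stores a pointer through the argument, the reads of `cred.session` and `cred.client` that follow take the session key and the client from the wrong memory; `cred` should become a pointer and be dereferenced. `this_cred` is passed with only `server` and `times.endtime` assigned, so it should be zeroed first to keep the lookup from matching on stack contents. The result of `krb5_data_copy` should be checked if it can fail, since the session key copied there is what later protects the exchange.

```c
    krb5_creds this_cred, *cred;
    /* … unchanged: other locals, auth context init, realm lookup … */

    memset (&this_cred, 0, sizeof(this_cred));
    /* … unchanged: krb5_build_principal into this_cred.server, endtime … */

    r = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
    if (r)
        return r;

    (*auth_context)->key.keytype = cred->session.keytype;
    krb5_data_copy (&(*auth_context)->key.contents,
                    cred->session.contents.data,
                    cred->session.contents.length);

    r = krb5_build_authenticator (context, cred->client,
                                  NULL, &auth,
                                  &authenticator);
    /* … unchanged: error check, cusec/ctime copy … */

    r = krb5_build_ap_req (context, cred, ap_req_options,
                           authenticator, outbuf);
```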
+++ b/lib/krb5/principal.c @@ -228,16 +228,51 @@ krb5_principal_set_component(krb5_principal p, int n, void *data, size_t len) } -krb5_error_code -krb5_build_principal_va(krb5_context context, - krb5_principal *principal, - int rlen, - const char *realm, - va_list ap) +static void +va_ext_princ(krb5_principal p, va_list ap) +{ + int n = 0; + while(1){ + char *s; + int len; + len = va_arg(ap, int); + if(len == 0) + break; + s = va_arg(ap, char*); + krb5_principal_set_component(p, n, s, len); + n++; + } + p->ncomp = n; +} + +static void +va_princ(krb5_principal p, va_list ap) +{ + int n = 0; + while(1){ + char *s; + int len; + s = va_arg(ap, char*); + if(s == NULL) + break; + len = strlen(s); + krb5_principal_set_component(p, n, s, len); + n++; + } + p->ncomp = n; +} + + +static krb5_error_code +build_principal(krb5_context context, + krb5_principal *principal, + int rlen, + const char *realm, + void (*func)(krb5_principal, va_list), + va_list ap) { krb5_principal p; int n; - char *s; if(krb5_principal_alloc(&p)) return ENOMEM; @@ -248,19 +283,32 @@ krb5_build_principal_va(krb5_context context, return ENOMEM; } - n = 0; - while(1){ - s = va_arg(ap, char*); - if(s == NULL) - break; - krb5_principal_set_component(p, n, s, strlen(s)); - n++; - } - p->ncomp = n; + (*func)(p, ap); *principal = p; return 0; } +krb5_error_code +krb5_build_principal_va(krb5_context context, + krb5_principal *principal, + int rlen, + const char *realm, + va_list ap) +{ + return build_principal(context, principal, rlen, realm, va_princ, ap); +} + +/* Not part of MIT K5 API */ +krb5_error_code +krb5_build_principal_va_ext(krb5_context context, + krb5_principal *principal, + int rlen, + const char *realm, + va_list ap) +{ + return build_principal(context, principal, rlen, realm, va_ext_princ, ap); +} + krb5_error_code krb5_build_principal_ext(krb5_context context, 
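Review bot: In `va_ext_princ`, `len` is read as a signed `int` and passed to `krb5_principal_set_component`, whose `len` parameter is `size_t` (visible in the hunk header), so a negative length from a caller becomes a very large copy size instead of ending the list. Stop on any non-positive value, `if(len <= 0) break;`, and add a comment above the function saying the argument list is (int length, char *data) pairs terminated by a 0 length. Both helpers return `void`, so whatever `krb5_principal_set_component` reports on failure cannot reach the caller of `build_principal`; that looks worth a follow-up. `int n;` in `build_principal` (the next hunk) is now unused and can go.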
@@ -269,8 +317,12 @@ krb5_build_principal_ext(krb5_context context, const char *realm, ...) { - fprintf(stderr, "krb5_build_principal_ext: not implemented\n"); - abort(); + krb5_error_code ret; + va_list ap; + va_start(ap, realm); + ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap); + va_end(ap); + return ret; } diff --git a/lib/krb5/rd_rep.c b/lib/krb5/rd_rep.c new file mode 100644 index 000000000..e8246d53d --- /dev/null +++ b/lib/krb5/rd_rep.c @@ -0,0 +1,65 @@ +#include <krb5_locl.h> +#include <krb5_error.h> + +krb5_error_code +krb5_rd_rep(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl) +{ + AP_REP ap_rep; + int len; + des_key_schedule schedule; + char *buf; + int i; + + len = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep); + if (len < 0) + return ASN1_PARSE_ERROR; + if (ap_rep.pvno != 5) + return KRB_AP_ERR_BADVERSION; + if (ap_rep.msg_type != krb_ap_rep) + return KRB_AP_ERR_MSG_TYPE; + + des_set_key (auth_context->key.contents.data, &schedule); + len = ap_rep.enc_part.cipher.length; + buf = malloc (len); + if (buf == NULL) + return ENOMEM; + des_cbc_encrypt ((des_cblock *)ap_rep.enc_part.cipher.data, + (des_cblock *)buf, + len, + schedule, + auth_context->key.contents.data, + DES_DECRYPT); + + /* XXX - Check CRC */ + + *repl = malloc(sizeof(**repl)); + if (*repl == NULL) + return ENOMEM; + + i = decode_EncAPRepPart((unsigned char *)buf + 12, len - 12, *repl); + if (i < 0) + return ASN1_PARSE_ERROR; + if ((*repl)->ctime != auth_context->authenticator->ctime || + (*repl)->cusec != auth_context->authenticator->cusec) { + printf("KRB_AP_ERR_MUT_FAIL\n"); + printf ("(%u, %u) != (%u, %u)\n", + (*repl)->ctime, (*repl)->cusec, + auth_context->authenticator->ctime, + auth_context->authenticator->cusec); + } +#if 0 + return KRB_AP_ERR_MUT_FAIL; +#endif + + return 0; +} + +void +krb5_free_ap_rep_enc_part (krb5_context context, + krb5_ap_rep_enc_part *val) +{ + free (val); +} |
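Review bot: `krb5_rd_rep` returns 0 even when the reply's `ctime`/`cusec` do not match the authenticator: the mismatch branch only prints, and `return KRB_AP_ERR_MUT_FAIL;` sits under `#if 0` after the branch's closing brace, so a caller cannot tell a failed mutual authentication from a good one. With the CRC check still an `XXX`, that comparison is the only test applied to the decrypted content. Separately, `len - 12` is passed to `decode_EncAPRepPart` with no check that the cipher text is at least 12 bytes; `buf`, which holds the decrypted reply, is never freed; and `*repl` stays allocated on the parse-error path. The fence returns the error from inside the branch, rejects short input and releases both buffers, assuming the decoder copies what it needs out of `buf`.

```c
    len = ap_rep.enc_part.cipher.length;
    if (len < 12)
        return ASN1_PARSE_ERROR;
    /* … unchanged: malloc of buf, des_cbc_encrypt, XXX CRC comment … */

    *repl = malloc(sizeof(**repl));
    if (*repl == NULL) {
        free (buf);
        return ENOMEM;
    }

    i = decode_EncAPRepPart((unsigned char *)buf + 12, len - 12, *repl);
    free (buf);
    if (i < 0) {
        free (*repl);
        *repl = NULL;
        return ASN1_PARSE_ERROR;
    }
    if ((*repl)->ctime != auth_context->authenticator->ctime ||
        (*repl)->cusec != auth_context->authenticator->cusec) {
        krb5_free_ap_rep_enc_part (context, *repl);
        *repl = NULL;
        return KRB_AP_ERR_MUT_FAIL;
    }

    return 0;
```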