From lhoward at MIT.EDU Thu Jan 1 01:17:24 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Thu, 1 Jan 2009 01:17:24 -0500 (EST) Subject: svn rev #21655: branches/mskrb-integ/src/kdc/ Message-ID: <200901010617.BAA02931@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21655 Commit By: lhoward Log Message: Only add FD to sstate.rfds if add_XXX_fd() succeeds Changed Files: U branches/mskrb-integ/src/kdc/network.c Modified: branches/mskrb-integ/src/kdc/network.c =================================================================== --- branches/mskrb-integ/src/kdc/network.c 2009-01-01 03:04:24 UTC (rev 21654) +++ branches/mskrb-integ/src/kdc/network.c 2009-01-01 06:17:22 UTC (rev 21655) @@ -527,26 +527,28 @@ /* Sockets are created, prepare to listen on them. */ if (s4 >= 0) { - FD_SET(s4, &sstate.rfds); - if (s4 >= sstate.max) - sstate.max = s4 + 1; if (add_tcp_listener_fd(data, s4) == 0) close(s4); - else + else { + FD_SET(s4, &sstate.rfds); + if (s4 >= sstate.max) + sstate.max = s4 + 1; krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s", s4, paddr((struct sockaddr *)&sin4)); + } } #ifdef KRB5_USE_INET6 if (s6 >= 0) { - FD_SET(s6, &sstate.rfds); - if (s6 >= sstate.max) - sstate.max = s6 + 1; if (add_tcp_listener_fd(data, s6) == 0) { close(s6); s6 = -1; - } else + } else { + FD_SET(s6, &sstate.rfds); + if (s6 >= sstate.max) + sstate.max = s6 + 1; krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s", s6, paddr((struct sockaddr *)&sin6)); + } if (s4 < 0) krb5_klog_syslog(LOG_INFO, "assuming IPv6 socket accepts IPv4"); @@ -665,9 +667,6 @@ return 1; } } - FD_SET (sock, &sstate.rfds); - if (sock >= sstate.max) - sstate.max = sock + 1; krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock, paddr((struct sockaddr *)addr), pktinfo ? " (pktinfo)" : ""); @@ -675,6 +674,9 @@ close(sock); return 1; } + FD_SET (sock, &sstate.rfds); + if (sock >= sstate.max) + sstate.max = sock + 1; } return 0; } From lhoward at MIT.EDU Thu Jan 1 05:36:33 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Thu, 1 Jan 2009 05:36:33 -0500 (EST) Subject: svn rev #21656: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901011036.FAA08161@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21656 Commit By: lhoward Log Message: Use KRB5_PRINCIPAL_UNPARSE_NO_REALM for the logon name; cleanup Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/pac.c Modified: branches/mskrb-integ/src/lib/krb5/krb/pac.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/pac.c 2009-01-01 06:17:22 UTC (rev 21655) +++ branches/mskrb-integ/src/lib/krb5/krb/pac.c 2009-01-01 10:36:32 UTC (rev 21656) @@ -297,7 +297,7 @@ } /* - * Parse the supplied data into the PAC allocated by this function + * Parse the supplied data into the PAC allocated by this function */ krb5_error_code KRB5_CALLCONV krb5_pac_parse(krb5_context context, @@ -378,13 +378,13 @@ } static krb5_error_code -k5_time_to_seconds_since_1970(krb5_ui_8 time, krb5_timestamp *elapsedSeconds) +k5_time_to_seconds_since_1970(krb5_ui_8 ntTime, krb5_timestamp *elapsedSeconds) { krb5_ui_8 abstime; - time /= 10000000; + ntTime /= 10000000; - abstime = time > 0 ? time - NT_TIME_EPOCH : -time; + abstime = time > 0 ? ntTime - NT_TIME_EPOCH : -ntTime; if (abstime > KRB5_INT32_MAX) return ERANGE; @@ -395,14 +395,14 @@ } static krb5_error_code -k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, krb5_ui_8 *time) +k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, krb5_ui_8 *ntTime) { - *time = elapsedSeconds; + *ntTime = elapsedSeconds; if (elapsedSeconds > 0) - *time += NT_TIME_EPOCH; + *ntTime += NT_TIME_EPOCH; - *time *= 10000000; + *ntTime *= 10000000; return 0; } @@ -652,7 +652,7 @@ } ret = krb5_unparse_name_flags(context, principal, - KRB5_PRINCIPAL_UNPARSE_SHORT, &princ_name_utf8); + KRB5_PRINCIPAL_UNPARSE_NO_REALM, &princ_name_utf8); if (ret != 0) goto cleanup; From lhoward at MIT.EDU Thu Jan 1 17:33:19 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Thu, 1 Jan 2009 17:33:19 -0500 (EST) Subject: svn rev #21657: branches/mskrb-integ/src/kdc/ Message-ID: <200901012233.RAA16355@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21657 Commit By: lhoward Log Message: Refactor by adding find_pa_data() helper Changed Files: U branches/mskrb-integ/src/kdc/kdc_util.c U branches/mskrb-integ/src/kdc/kdc_util.h Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-01 10:36:32 UTC (rev 21656) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-01 22:33:18 UTC (rev 21657) @@ -216,13 +216,29 @@ return(0); } +krb5_pa_data * +find_pa_data(krb5_pa_data **padata, krb5_preauthtype pa_type) +{ + krb5_pa_data **tmppa; + + if (padata == NULL) + return NULL; + + for (tmppa = padata; *tmppa != NULL; tmppa++) { + if ((*tmppa)->pa_type == pa_type) + break; + } + + return *tmppa; +} + krb5_error_code kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, krb5_data *pkt, krb5_ticket **ticket, krb5_db_entry *krbtgt, int *nprincs, krb5_keyblock **subkey) { - krb5_pa_data ** tmppa; + krb5_pa_data * tmppa; krb5_ap_req * apreq; krb5_error_code retval; krb5_data scratch1; @@ -233,31 +249,18 @@ krb5_checksum * his_cksum = NULL; krb5_keyblock * key = NULL; krb5_kvno kvno = 0; - krb5_boolean for_user = FALSE; *nprincs = 0; - if (!request->padata) + tmppa = find_pa_data(request->padata, KRB5_PADATA_AP_REQ); + if (!tmppa) return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - for (tmppa = request->padata; *tmppa; tmppa++) { - if ((*tmppa)->pa_type == KRB5_PADATA_AP_REQ) - break; - } - if (!*tmppa) /* cannot find any AP_REQ */ - return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - scratch1.length = (*tmppa)->length; - scratch1.data = (char *)(*tmppa)->contents; + scratch1.length = tmppa->length; + scratch1.data = (char *)tmppa->contents; if ((retval = decode_krb5_ap_req(&scratch1, &apreq))) return retval; - /* Set for_user to TRUE if protocol transition is being used */ - for (tmppa = request->padata; *tmppa; tmppa++) { - if ((*tmppa)->pa_type == KRB5_PADATA_FOR_USER) - break; - } - for_user = (*tmppa != NULL); - if (isflagset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) || isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) { krb5_klog_syslog(LOG_INFO, "TGS_REQ: SESSION KEY or MUTUAL"); @@ -357,7 +360,7 @@ } /* make sure the client is of proper lineage (see above) */ - if (foreign_server && for_user == FALSE) { + if (foreign_server && !find_pa_data(request->padata, KRB5_PADATA_FOR_USER)) { if (is_local_principal((*ticket)->enc_part2->client)) { /* someone in a foreign realm claiming to be local */ krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check"); Modified: branches/mskrb-integ/src/kdc/kdc_util.h =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.h 2009-01-01 10:36:32 UTC (rev 21656) +++ branches/mskrb-integ/src/kdc/kdc_util.h 2009-01-01 22:33:18 UTC (rev 21657) @@ -172,6 +172,9 @@ krb5_error_code free_padata_context (krb5_context context, void **padata_context); +krb5_pa_data *find_pa_data + (krb5_pa_data **padata, krb5_preauthtype pa_type); + /* kdc_authdata.c */ krb5_error_code load_authdata_plugins(krb5_context context); krb5_error_code unload_authdata_plugins(krb5_context context); From lhoward at MIT.EDU Thu Jan 1 17:34:05 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Thu, 1 Jan 2009 17:34:05 -0500 (EST) Subject: svn rev #21658: branches/mskrb-integ/src/kdc/ Message-ID: <200901012234.RAA16436@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21658 Commit By: lhoward Log Message: Set KRB5_KDB_FLAG_PKINIT flag, AD backends need this to return PAC_CREDENTIAL_DATA Changed Files: U branches/mskrb-integ/src/kdc/do_as_req.c Modified: branches/mskrb-integ/src/kdc/do_as_req.c =================================================================== --- branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-01 22:33:18 UTC (rev 21657) +++ branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-01 22:34:05 UTC (rev 21658) @@ -525,6 +525,9 @@ goto errout; } + if (find_pa_data(reply.padata, KRB5_PADATA_PK_AS_REP)) + c_flags |= KRB5_KDB_FLAG_PKINIT; + errcode = handle_authdata(kdc_context, c_flags, &client, From tlyu at MIT.EDU Thu Jan 1 20:40:44 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 1 Jan 2009 20:40:44 -0500 (EST) Subject: svn rev #21659: trunk/src/lib/krb5/krb/ Message-ID: <200901020140.UAA18686@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21659 Commit By: tlyu Log Message: ticket: 5947 Rewrite walk_rtree.c to handle hierarchical traversal better and to be less convoluted. Update test cases. Changed Files: U trunk/src/lib/krb5/krb/Makefile.in U trunk/src/lib/krb5/krb/walk_rtree.c U trunk/src/lib/krb5/krb/walktree-tests Modified: trunk/src/lib/krb5/krb/Makefile.in =================================================================== --- trunk/src/lib/krb5/krb/Makefile.in 2009-01-01 22:34:05 UTC (rev 21658) +++ trunk/src/lib/krb5/krb/Makefile.in 2009-01-02 01:40:41 UTC (rev 21659) @@ -294,7 +294,7 @@ COMERRLIB=$(TOPLIBD)/libcom_err.a T_WALK_RTREE_OBJS= t_walk_rtree.o walk_rtree.o tgtname.o unparse.o \ - free_rtree.o bld_pr_ext.o + free_rtree.o bld_pr_ext.o copy_data.o T_KERB_OBJS= t_kerb.o conv_princ.o unparse.o set_realm.o str_conv.o @@ -351,8 +351,8 @@ $(RUN_SETUP) $(VALGRIND) ./t_ser $(RUN_SETUP) $(VALGRIND) ./t_deltat $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/transit-tests - : known to fail "http://krbdev.mit.edu/rt/Ticket/Display.html?id=5947" - -$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests + KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ + $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests clean:: $(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \ Modified: trunk/src/lib/krb5/krb/walk_rtree.c =================================================================== --- trunk/src/lib/krb5/krb/walk_rtree.c 2009-01-01 22:34:05 UTC (rev 21658) +++ trunk/src/lib/krb5/krb/walk_rtree.c 2009-01-02 01:40:41 UTC (rev 21659) @@ -1,14 +1,14 @@ /* * lib/krb5/krb/walk_rtree.c * - * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2008,2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,11 +22,104 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * * * krb5_walk_realm_tree() + * + * internal function, used by krb5_get_cred_from_kdc() */ +#include "k5-int.h" +#include "int-proto.h" + +/* + * Structure to help with finding the common suffix between client and + * server realm during hierarchical traversal. + */ +struct hstate { + char *str; + size_t len; + char *tail; + char *dot; +}; + +static krb5_error_code +rtree_capath_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char **vals, + krb5_principal **tree); + +static krb5_error_code +rtree_capath_vals( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char ***vals); + +static krb5_error_code +rtree_hier_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_principal **rettree, + int sep); + +static krb5_error_code +rtree_hier_realms( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_data **realms, + size_t *nrealms, + int sep); + +static krb5_error_code +rtree_hier_tweens( + krb5_context context, + struct hstate *realm, + krb5_data **tweens, + size_t *ntweens, + int dotail, + int sep); + +static void +adjtail(struct hstate *c, struct hstate *s, int sep); + +static void +comtail(struct hstate *c, struct hstate *s, int sep); + +krb5_error_code +krb5_walk_realm_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_principal **tree, + int realm_sep) +{ + krb5_error_code retval = 0; + char **capvals; + + if (client->data == NULL || server->data == NULL) + return KRB5_NO_TKT_IN_RLM; + + if (client->length == server->length && + memcmp(client->data, server->data, server->length) == 0) { + return KRB5_NO_TKT_IN_RLM; + } + retval = rtree_capath_vals(context, client, server, &capvals); + if (retval) + return retval; + + if (capvals != NULL) { + retval = rtree_capath_tree(context, client, server, capvals, tree); + return retval; + } + + retval = rtree_hier_tree(context, client, server, tree, realm_sep); + return retval; +} + /* ANL - Modified to allow Configurable Authentication Paths. * This modification removes the restriction on the choice of realm * names, i.e. they nolonger have to be hierarchical. This @@ -52,8 +145,8 @@ * NERSC.GOV = ES.NET * PNL.GOV = ES.NET * ES.NET = . - * HAL.COM = K5.MOON - * HAL.COM = K5.JUPITER + * HAL.COM = K5.MOON + * HAL.COM = K5.JUPITER * } * NERSC.GOV = { * ANL.GOV = ES.NET @@ -62,7 +155,7 @@ * ANL.GOV = ES.NET * } * ES.NET = { - * ANL.GOV = . + * ANL.GOV = . * } * HAL.COM = { * ANL.GOV = K5.JUPITER @@ -82,326 +175,384 @@ * will work together. * DEE - 5/23/95 */ -#include "k5-int.h" -#include "int-proto.h" -/* internal function, used by krb5_get_cred_from_kdc() */ +/* + * Build a tree given a set of profile values retrieved by + * walk_rtree_capath_vals(). + */ +static krb5_error_code +rtree_capath_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char **vals, + krb5_principal **rettree) +{ + krb5_error_code retval = 0; + unsigned int nvals, nlinks, nprincs, i; + krb5_data srcrealm, dstrealm; + krb5_principal *tree, *pprinc; -#ifndef min -#define min(x,y) ((x) < (y) ? (x) : (y)) -#define max(x,y) ((x) > (y) ? (x) : (y)) -#endif + *rettree = NULL; + tree = pprinc = NULL; + for (nvals = 0; vals[nvals] != NULL; nvals++) + ; + if (vals[0] != NULL && *vals[0] == '.') { + nlinks = 0; + } else { + nlinks = nvals; + } + nprincs = nlinks + 2; + tree = calloc(nprincs + 1, sizeof(krb5_principal)); + if (tree == NULL) { + retval = ENOMEM; + goto error; + } + for (i = 0; i < nprincs + 1; i++) + tree[i] = NULL; + /* Invariant: PPRINC points one past end of list. */ + pprinc = &tree[0]; + /* Local TGS name */ + retval = krb5_tgtname(context, client, client, pprinc++); + if (retval) goto error; + srcrealm = *client; + for (i = 0; i < nlinks; i++) { + dstrealm.data = vals[i]; + dstrealm.length = strcspn(vals[i], "\t "); + retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++); + if (retval) goto error; + srcrealm = dstrealm; + } + retval = krb5_tgtname(context, server, &srcrealm, pprinc++); + if (retval) goto error; + *rettree = tree; +error: + profile_free_list(vals); + if (retval) { + while (pprinc != NULL && pprinc > &tree[0]) { + /* krb5_free_principal() correctly handles null input */ + krb5_free_principal(context, *--pprinc); + *pprinc = NULL; + } + free(tree); + } + return retval; +} + /* - * xxx The following function is very confusing to read and probably - * is buggy. It should be documented better. Here is what I've - * learned about it doing a quick bug fixing walk through. The - * function takes a client and server realm name and returns the set - * of realms (in a field called tree) that you need to get tickets in - * in order to get from the source realm to the destination realm. It - * takes a realm separater character (normally ., but presumably there - * for all those X.500 realms) . There are two modes it runs in: the - * ANL krb5.conf mode and the hierarchy mode. The ANL mode is - * fairly obvious. The hierarchy mode looks for common components in - * both the client and server realms. In general, the pointer scp and - * ccp are used to walk through the client and server realms. The - * com_sdot and com_cdot pointers point to (I think) the beginning of - * the common part of the realm names. I.E. strcmp(com_cdot, - * com_sdot) ==0 is roughly an invarient. However, there are cases - * where com_sdot and com_cdot are set to point before the start of - * the client or server strings. I think this only happens when there - * are no common components. --hartmans 2002/03/14 + * Get realm list from "capaths" section of the profile. Deliberately + * returns success but leaves VALS null if profile_get_values() fails + * by not finding anything. */ - -krb5_error_code -krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_data *server, krb5_principal **tree, int realm_branch_char) +static krb5_error_code +rtree_capath_vals( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char ***vals) { - krb5_error_code retval; - krb5_principal *rettree; - register char *ccp, *scp; - register char *prevccp = 0, *prevscp = 0; - char *com_sdot = 0, *com_cdot = 0; - register int i, links = 0; - int clen, slen = -1; - krb5_data tmpcrealm, tmpsrealm; - int nocommon = 1; + krb5_error_code retval = 0; + /* null-terminated realm names */ + char *clientz = NULL, *serverz = NULL; + const char *key[4]; - const char *cap_names[4]; - char *cap_client, *cap_server; - char **cap_nodes; - krb5_error_code cap_code; + *vals = NULL; -#ifdef DEBUG_REFERRALS - printf("krb5_walk_realm_tree starting\n"); - printf(" client is %s\n",client->data); - printf(" server is %s\n",server->data); -#endif + clientz = calloc(client->length + 1, 1); + if (clientz == NULL) { + retval = ENOMEM; + goto error; + } + memcpy(clientz, client->data, client->length); - if (!(client->data &&server->data)) - return KRB5_NO_TKT_IN_RLM; - if ((cap_client = (char *)malloc(client->length + 1)) == NULL) - return ENOMEM; - strncpy(cap_client, client->data, client->length); - cap_client[client->length] = '\0'; - if ((cap_server = (char *)malloc(server->length + 1)) == NULL) { - krb5_xfree(cap_client); - return ENOMEM; + serverz = calloc(server->length + 1, 1); + if (clientz == NULL) { + retval = ENOMEM; + goto error; } - strncpy(cap_server, server->data, server->length); - cap_server[server->length] = '\0'; - cap_names[0] = "capaths"; - cap_names[1] = cap_client; - cap_names[2] = cap_server; - cap_names[3] = 0; - cap_code = profile_get_values(context->profile, cap_names, &cap_nodes); - krb5_xfree(cap_client); /* done with client string */ - cap_names[1] = 0; - if (cap_code == 0) { /* found a path, so lets use it */ - links = 0; - if (*cap_nodes[0] != '.') { /* a link of . means direct */ - while(cap_nodes[links]) { - links++; - } - } - if (cap_nodes[links] != NULL) - krb5_xfree(cap_nodes[links]); + memcpy(serverz, server->data, server->length); - cap_nodes[links] = cap_server; /* put server on end of list */ - /* this simplifies the code later and make */ - /* cleanup eaiser as well */ - links++; /* count the null entry at end */ - } else { /* no path use hierarchical method */ - krb5_xfree(cap_server); /* failed, don't need server string */ - cap_names[2] = 0; + key[0] = "capaths"; + key[1] = clientz; + key[2] = serverz; + key[3] = NULL; + retval = profile_get_values(context->profile, key, vals); + switch (retval) { + case PROF_NO_SECTION: + case PROF_NO_RELATION: + /* + * Not found; don't return an error. + */ + retval = 0; + break; + default: + break; + } +error: + free(clientz); + free(serverz); + return retval; +} - clen = client->length; - slen = server->length; +/* + * Build tree by hierarchical traversal. + */ +static krb5_error_code +rtree_hier_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_principal **rettree, + int sep) +{ + krb5_error_code retval; + krb5_data *realms; + const krb5_data *dstrealm, *srcrealm; + krb5_principal *tree, *pprinc; + size_t nrealms, nprincs, i; - for (com_cdot = ccp = client->data + clen - 1, - com_sdot = scp = server->data + slen - 1; - clen && slen && *ccp == *scp ; - ccp--, scp--, clen--, slen--) { - if (*ccp == realm_branch_char) { - com_cdot = ccp; - com_sdot = scp; - nocommon = 0; - } - } + *rettree = NULL; + retval = rtree_hier_realms(context, client, server, + &realms, &nrealms, sep); + if (retval) + return retval; + nprincs = nrealms; + pprinc = tree = calloc(nprincs + 1, sizeof(krb5_principal)); + if (tree == NULL) { + retval = ENOMEM; + goto error; + } + for (i = 0; i < nrealms; i++) + tree[i] = NULL; + srcrealm = client; + for (i = 0; i < nrealms; i++) { + dstrealm = &realms[i]; + retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++); + if (retval) goto error; + srcrealm = dstrealm; + } + *rettree = tree; + return 0; +error: + while (pprinc != NULL && pprinc > tree) { + krb5_free_principal(context, *--pprinc); + *pprinc = NULL; + } + free(tree); + return retval; +} - /* ccp, scp point to common root. - com_cdot, com_sdot point to common components. */ - /* handle case of one ran out */ - if (!clen) { - /* construct path from client to server, down the tree */ - if (!slen) - /* in the same realm--this means there is no ticket - in this realm. */ - return KRB5_NO_TKT_IN_RLM; - if (*scp == realm_branch_char) { - /* one is a subdomain of the other */ - com_cdot = client->data; - com_sdot = scp; - nocommon = 0; - } /* else normal case of two sharing parents */ - } - if (!slen) { - /* construct path from client to server, up the tree */ - if (*ccp == realm_branch_char) { - /* one is a subdomain of the other */ - com_sdot = server->data; - com_cdot = ccp; - nocommon = 0; - } /* else normal case of two sharing parents */ - } - /* determine #links to/from common ancestor */ - if (nocommon) - links = 1; - else - links = 2; - /* if no common ancestor, artificially set up common root at the last - component, then join with special code */ - for (ccp = client->data; ccp < com_cdot; ccp++) { - if (*ccp == realm_branch_char) { - links++; - if (nocommon) - prevccp = ccp; - } - } +/* + * Construct list of realms between client and server. + */ +static krb5_error_code +rtree_hier_realms( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_data **realms, + size_t *nrealms, + int sep) +{ + krb5_error_code retval; + struct hstate c, s; + krb5_data *ctweens, *stweens, *twp, *r, *rp; + size_t nctween, nstween; - for (scp = server->data; scp < com_sdot; scp++) { - if (*scp == realm_branch_char) { - links++; - if (nocommon) - prevscp = scp; - } - } - if (nocommon) { - if (prevccp) - com_cdot = prevccp; - if (prevscp) - com_sdot = prevscp; + r = rp = NULL; + c.str = client->data; + c.len = client->length; + c.dot = c.tail = NULL; + s.str = server->data; + s.len = server->length; + s.dot = s.tail = NULL; - if(com_cdot == client->data + client->length -1) - com_cdot = client->data - 1 ; - if(com_sdot == server->data + server->length -1) - com_sdot = server->data - 1 ; - } - } /* end of if use hierarchical method */ + comtail(&c, &s, sep); + adjtail(&c, &s, sep); - if (!(rettree = (krb5_principal *)calloc(links+2, - sizeof(krb5_principal)))) { - return ENOMEM; + retval = rtree_hier_tweens(context, &c, &ctweens, &nctween, 1, sep); + if (retval) goto error; + retval = rtree_hier_tweens(context, &s, &stweens, &nstween, 0, sep); + if (retval) goto error; + + *nrealms = nctween + nstween; + rp = r = calloc(*nrealms, sizeof(krb5_data)); + if (r == NULL) { + retval = ENOMEM; + goto error; } - i = 1; - if ((retval = krb5_tgtname(context, client, client, &rettree[0]))) { - krb5_xfree(rettree); - return retval; + /* Copy client realm "tweens" forward. */ + for (twp = ctweens; twp < &ctweens[nctween]; twp++) { + retval = krb5int_copy_data_contents(context, twp, rp++); + if (retval) goto error; } - links--; /* dont count the null entry on end */ - if (cap_code == 0) { /* found a path above */ - tmpcrealm.data = client->data; - tmpcrealm.length = client->length; - while( i-1 <= links) { - - tmpsrealm.data = cap_nodes[i-1]; - /* don't count trailing whitespace from profile_get */ - tmpsrealm.length = strcspn(cap_nodes[i-1],"\t "); - if ((retval = krb5_tgtname(context, - &tmpsrealm, - &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - /* cleanup the cap_nodes from profile_get */ - for (i = 0; i<=links; i++) { - krb5_xfree(cap_nodes[i]); - } - krb5_xfree((char *)cap_nodes); - return retval; - } - tmpcrealm.data = tmpsrealm.data; - tmpcrealm.length = tmpsrealm.length; - i++; + /* Copy server realm "tweens" backward. */ + for (twp = &stweens[nstween]; twp-- > stweens;) { + krb5int_copy_data_contents(context, twp, rp++); + if (retval) goto error; + } +error: + if (retval) { + *nrealms = 0; + while (rp > r) { + krb5_free_data_contents(context, --rp); } - /* cleanup the cap_nodes from profile_get last one has server */ - for (i = 0; i<=links; i++) { - krb5_xfree(cap_nodes[i]); - } - krb5_xfree((char *)cap_nodes); - } else { /* if not cap then use hierarchical method */ - for (prevccp = ccp = client->data; - ccp <= com_cdot; - ccp++) { - if (*ccp != realm_branch_char) - continue; - ++ccp; /* advance past dot */ - tmpcrealm.data = prevccp; - tmpcrealm.length = client->length - - (prevccp - client->data); - tmpsrealm.data = ccp; - tmpsrealm.length = client->length - - (ccp - client->data); - if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - prevccp = ccp; - i++; - } - if (nocommon) { - tmpcrealm.data = com_cdot + 1; - tmpcrealm.length = client->length - - (com_cdot + 1 - client->data); - tmpsrealm.data = com_sdot + 1; - tmpsrealm.length = server->length - - (com_sdot + 1 - server->data); - if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - i++; - } + free(r); + r = NULL; + } + free(ctweens); + free(stweens); + *realms = r; + return retval; +} - for (prevscp = com_sdot + 1, scp = com_sdot - 1; - scp > server->data; - scp--) { - if (*scp != realm_branch_char) - continue; - if (scp - 1 < server->data) - break; /* XXX only if . starts realm? */ - tmpcrealm.data = prevscp; - tmpcrealm.length = server->length - - (prevscp - server->data); - tmpsrealm.data = scp + 1; - tmpsrealm.length = server->length - - (scp + 1 - server->data); - if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - prevscp = scp + 1; - i++; +/* + * Build a list of realms between a given realm and the common + * suffix. The original realm is included, but the "tail" is only + * included if DOTAIL is true. + * + * Warning: This function intentionally aliases memory. Caller must + * make copies as needed and not call krb5_free_data_contents, etc. + */ +static krb5_error_code +rtree_hier_tweens( + krb5_context context, + struct hstate *realm, + krb5_data **tweens, + size_t *ntweens, + int dotail, + int sep) +{ + char *p, *r, *rtail, *lp; + size_t rlen, n; + krb5_data *tws, *ntws; + + r = realm->str; + rlen = realm->len; + rtail = realm->tail; + *tweens = ntws = tws = NULL; + *ntweens = n = 0; + + for (lp = p = r; p < &r[rlen]; p++) { + if (*p != sep && &p[1] != &r[rlen]) + continue; + if (lp == rtail && !dotail) + break; + ntws = realloc(tws, (n + 1) * sizeof(krb5_data)); + if (ntws == NULL) { + free(tws); + return ENOMEM; } - if (slen && com_sdot >= server->data) { - /* only necessary if building down tree from ancestor or client */ - /* however, we can get here if we have only one component - in the server realm name, hence we make sure we found a component - separator there... */ - tmpcrealm.data = prevscp; - tmpcrealm.length = server->length - - (prevscp - server->data); - if ((retval = krb5_tgtname(context, server, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - } + tws = ntws; + tws[n].data = lp; + tws[n].length = &r[rlen] - lp; + n++; + if (lp == rtail) + break; + lp = &p[1]; } - *tree = rettree; + *tweens = tws; + *ntweens = n; + return 0; +} -#ifdef DEBUG_REFERRALS - printf("krb5_walk_realm_tree ending; tree (length %d) is:\n",links); - for(i=0;itail; + sp = s->tail; + if (cp == NULL || sp == NULL) + return; + /* + * Is it a full component? Yes, if it's the beginning of the + * string or there's a separator to the left. + * + * The index of -1 is valid because it only gets evaluated if the + * pointer is not at the beginning of the string. + */ + cfull = (cp == c->str || cp[-1] == sep); + sfull = (sp == s->str || sp[-1] == sep); + /* + * If they're both full components, we're done. + */ + if (cfull && sfull) { + return; + } else if (c->dot != NULL && s->dot != NULL) { + cp = c->dot + 1; + sp = s->dot + 1; + /* + * Out of bounds? Can only happen if there are trailing dots. + */ + if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) { + cp = sp = NULL; + } + } else { + cp = sp = NULL; } -#endif - return 0; + c->tail = cp; + s->tail = sp; } -#ifdef DEBUG_REFERRALS -void krb5int_dbgref_dump_principal(char *d, krb5_principal p) +/* + * Find common suffix of C and S. + * + * C->TAIL and S->TAIL will point to the respective suffixes. C->DOT + * and S->DOT will point to the nearest instances of SEP to the right + * of the start of each suffix. Caller must initialize TAIL and DOT + * pointers to null. + */ +static void +comtail(struct hstate *c, struct hstate *s, int sep) { - int n; - - printf(" **%s: ",d); - for (n=0;nlength;n++) - printf("%s<%.*s>",(n>0)?"/":"",p->data[n].length,p->data[n].data); - printf("@<%.*s> (length %d, type %d)\n",p->realm.length,p->realm.data, - p->length, p->type); + char *cp, *sp, *cdot, *sdot; + + if (c->len == 0 || s->len == 0) + return; + + cdot = sdot = NULL; + /* + * ANSI/ISO C allows a pointer one past the end but not one + * before the beginning of an array. + */ + cp = &c->str[c->len]; + sp = &s->str[s->len]; + /* + * Set CP and SP to point to the common suffix of each string. + * When we run into separators (dots, unless someone has a X.500 + * style realm), keep pointers to the latest pair. + */ + while (cp > c->str && sp > s->str) { + if (*--cp != *--sp) { + /* + * Didn't match, so most recent match is one byte to the + * right (or not at all). + */ + cp++; + sp++; + break; + } + /* + * Keep track of matching dots. + */ + if (*cp == sep) { + cdot = cp; + sdot = sp; + } + } + /* No match found at all. */ + if (cp == &c->str[c->len]) + return; + c->tail = cp; + s->tail = sp; + c->dot = cdot; + s->dot = sdot; } -#endif Modified: trunk/src/lib/krb5/krb/walktree-tests =================================================================== --- trunk/src/lib/krb5/krb/walktree-tests 2009-01-01 22:34:05 UTC (rev 21658) +++ trunk/src/lib/krb5/krb/walktree-tests 2009-01-02 01:40:41 UTC (rev 21659) @@ -68,4 +68,12 @@ set A.EXAMPLE.COM EXAMPLE.COM "A.EXAMPLE.COM at A.EXAMPLE.COM EXAMPLE.COM at A.EXAMPLE.COM" eval $check +echo CAPATH test +set ATHENA.MIT.EDU KERBEROS.COM "ATHENA.MIT.EDU at ATHENA.MIT.EDU KERBEROS.COM at ATHENA.MIT.EDU" +eval $check + +echo CAPATH test +set LCS.MIT.EDU KABLOOEY.KERBEROS.COM "LCS.MIT.EDU at LCS.MIT.EDU ATHENA.MIT.EDU at LCS.MIT.EDU KERBEROS.COM at ATHENA.MIT.EDU KABLOOEY.KERBEROS.COM at KERBEROS.COM" +eval $check + exit $err From lhoward at MIT.EDU Fri Jan 2 02:27:20 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 02:27:20 -0500 (EST) Subject: svn rev #21660: branches/mskrb-integ/src/kdc/ Message-ID: <200901020727.CAA22710@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21660 Commit By: lhoward Log Message: In an AS-REP, only canonicalize the server name if we are returning a TGT, and the client requested one Changed Files: U branches/mskrb-integ/src/kdc/do_as_req.c Modified: branches/mskrb-integ/src/kdc/do_as_req.c =================================================================== --- branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-02 01:40:41 UTC (rev 21659) +++ branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-02 07:27:20 UTC (rev 21660) @@ -112,7 +112,7 @@ char *cname = 0, *sname = 0; const char *fromstring = 0; unsigned int c_flags = 0, s_flags = 0; - krb5_principal_data server_princ, client_princ; + krb5_principal_data client_princ; char ktypestr[128]; char rep_etypestr[128]; char fromstringbuf[70]; @@ -281,23 +281,17 @@ } /* - * Turn off canonicalization for services that are aliases of - * the TGS, such as (in Windows) the changepw service. + * Canonicalization is only effective if we are issuing a TGT + * (the intention is to allow support for Windows "short" realm + * aliases, nothing more). */ if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE) && - krb5_is_tgs_principal(server.princ) && - !krb5_is_tgs_principal(request->server)) { - clear(s_flags, KRB5_KDB_FLAG_CANONICALIZE); - } - - if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { - server_princ = *(server.princ); + krb5_is_tgs_principal(request->server) && + krb5_is_tgs_principal(server.princ)) { + ticket_reply.server = server.princ; } else { - server_princ = *(request->server); - /* The realm is always canonicalized in Windows */ - server_princ.realm = *(krb5_princ_realm(context, server.princ)); + ticket_reply.server = request->server; } - ticket_reply.server = &server_princ; enc_tkt_reply.flags = 0; enc_tkt_reply.times.authtime = authtime; From lhoward at MIT.EDU Fri Jan 2 02:34:11 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 02:34:11 -0500 (EST) Subject: svn rev #21661: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901020734.CAA22859@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21661 Commit By: lhoward Log Message: move common macros into int-proto.h Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c U branches/mskrb-integ/src/lib/krb5/krb/gc_via_tkt.c U branches/mskrb-integ/src/lib/krb5/krb/int-proto.h U branches/mskrb-integ/src/lib/krb5/krb/valid_times.c Modified: branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c 2009-01-02 07:27:20 UTC (rev 21660) +++ branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c 2009-01-02 07:34:10 UTC (rev 21661) @@ -139,10 +139,6 @@ #define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND && \ (r) != KRB5_CC_NOT_KTYPE) -#define IS_TGS_PRINC(c, p) \ - (krb5_princ_size((c), (p)) == 2 && \ - data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) - /* * Flags for ccache lookups of cross-realm TGTs. * Modified: branches/mskrb-integ/src/lib/krb5/krb/gc_via_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/gc_via_tkt.c 2009-01-02 07:27:20 UTC (rev 21660) +++ branches/mskrb-integ/src/lib/krb5/krb/gc_via_tkt.c 2009-01-02 07:34:10 UTC (rev 21661) @@ -31,12 +31,6 @@ #include "k5-int.h" #include "int-proto.h" -#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) - -#define IS_TGS_PRINC(c, p) \ - (krb5_princ_size((c), (p)) == 2 && \ - data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) - static krb5_error_code krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *const *address, krb5_data *psectkt, krb5_creds **ppcreds) { Modified: branches/mskrb-integ/src/lib/krb5/krb/int-proto.h =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/int-proto.h 2009-01-02 07:27:20 UTC (rev 21660) +++ branches/mskrb-integ/src/lib/krb5/krb/int-proto.h 2009-01-02 07:34:10 UTC (rev 21661) @@ -59,5 +59,11 @@ krb5_creds *in_cred, krb5_creds **out_cred, krb5_creds ***tgts, int kdcopt); +#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) + +#define IS_TGS_PRINC(c, p) \ + (krb5_princ_size((c), (p)) == 2 && \ + data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) + #endif /* KRB5_INT_FUNC_PROTO__ */ Modified: branches/mskrb-integ/src/lib/krb5/krb/valid_times.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/valid_times.c 2009-01-02 07:27:20 UTC (rev 21660) +++ branches/mskrb-integ/src/lib/krb5/krb/valid_times.c 2009-01-02 07:34:10 UTC (rev 21661) @@ -29,8 +29,6 @@ #include "k5-int.h" -#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) - /* * This is an internal routine which validates the krb5_timestamps * field in a krb5_ticket. From lhoward at MIT.EDU Fri Jan 2 02:38:52 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 02:38:52 -0500 (EST) Subject: svn rev #21662: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901020738.CAA22982@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21662 Commit By: lhoward Log Message: Only allow the AS-REP server principal to be changed if we requested and received a TGT Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c Modified: branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c 2009-01-02 07:34:10 UTC (rev 21661) +++ branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c 2009-01-02 07:38:51 UTC (rev 21662) @@ -293,18 +293,28 @@ krb5_kdc_rep *as_reply) { krb5_error_code retval; - int canon_flag; + int canon_req; + int canon_ok; /* check the contents for sanity: */ if (!as_reply->enc_part2->times.starttime) as_reply->enc_part2->times.starttime = as_reply->enc_part2->times.authtime; - /* per referrals draft, enterprise principals imply canonicalization */ - canon_flag = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) || + /* + * We only allow the AS-REP server name to be changed if the + * caller set the canonicalize flag (or requested an enterprise + * principal) and we requested (and received) a TGT. + */ + canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) || (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL); + if (canon_req) { + canon_ok = IS_TGS_PRINC(context, request->server) && + IS_TGS_PRINC(context, as_reply->enc_part2->server); + } else + canon_ok = 0; - if ((!canon_flag && + if ((!canon_ok && (!krb5_principal_compare(context, as_reply->client, request->client) || !krb5_principal_compare(context, as_reply->enc_part2->server, request->server))) || !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server) @@ -1199,7 +1209,7 @@ krb5_data random_data; random_data.length = 4; - random_data.data = random_buf; + random_data.data = (char *)random_buf; if (krb5_c_random_make_octets(context, &random_data) == 0) /* See RT ticket 3196 at MIT. If we set the high bit, we may have compatibility problems with Heimdal, because From lhoward at MIT.EDU Fri Jan 2 02:47:41 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 02:47:41 -0500 (EST) Subject: svn rev #21663: branches/mskrb-integ/src/lib/krb5/asn.1/ Message-ID: <200901020747.CAA23165@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21663 Commit By: lhoward Log Message: be sure to decode enc_padata Changed Files: U branches/mskrb-integ/src/lib/krb5/asn.1/asn1_k_decode.c Modified: branches/mskrb-integ/src/lib/krb5/asn.1/asn1_k_decode.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/asn.1/asn1_k_decode.c 2009-01-02 07:38:51 UTC (rev 21662) +++ branches/mskrb-integ/src/lib/krb5/asn.1/asn1_k_decode.c 2009-01-02 07:47:40 UTC (rev 21663) @@ -579,6 +579,7 @@ get_field(val->server,9,asn1_decode_realm); get_field(val->server,10,asn1_decode_principal_name); opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); + opt_field(val->enc_padata,12,asn1_decode_sequence_of_pa_data,NULL); end_structure(); val->magic = KV5M_ENC_KDC_REP_PART; } From lhoward at MIT.EDU Fri Jan 2 03:16:29 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 03:16:29 -0500 (EST) Subject: svn rev #21664: branches/mskrb-integ/src/lib/gssapi/ krb5/ mechglue/ spnego/ Message-ID: <200901020816.DAA23555@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21664 Commit By: lhoward Log Message: Layer gss_sign() on top of gss_get_mic(), gss_verify() on top of gss_verify_mic(), rather than the other way around. Mechanisms should export a V2 interface. Changed Files: U branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h U branches/mskrb-integ/src/lib/gssapi/krb5/gssapi_krb5.c U branches/mskrb-integ/src/lib/gssapi/krb5/k5seal.c U branches/mskrb-integ/src/lib/gssapi/krb5/k5sealv3.c U branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c U branches/mskrb-integ/src/lib/gssapi/krb5/seal.c U branches/mskrb-integ/src/lib/gssapi/krb5/sign.c U branches/mskrb-integ/src/lib/gssapi/krb5/unseal.c U branches/mskrb-integ/src/lib/gssapi/krb5/verify.c U branches/mskrb-integ/src/lib/gssapi/mechglue/g_initialize.c U branches/mskrb-integ/src/lib/gssapi/mechglue/g_sign.c U branches/mskrb-integ/src/lib/gssapi/mechglue/g_verify.c U branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h U branches/mskrb-integ/src/lib/gssapi/spnego/gssapiP_spnego.h U branches/mskrb-integ/src/lib/gssapi/spnego/spnego_mech.c Modified: branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-01-02 08:16:27 UTC (rev 21664) @@ -319,7 +319,7 @@ OM_uint32 kg_seal (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, - int qop_req, + gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer, @@ -330,7 +330,7 @@ gss_buffer_t input_token_buffer, gss_buffer_t message_buffer, int *conf_state, - int *qop_state, + gss_qop_t *qop_state, int toktype); OM_uint32 kg_seal_size (OM_uint32 *minor_status, @@ -531,22 +531,6 @@ OM_uint32* /* time_rec */ ); -OM_uint32 krb5_gss_sign -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ -); - -OM_uint32 krb5_gss_verify -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* token_buffer */ - int* /* qop_state */ -); - OM_uint32 krb5_gss_display_status (OM_uint32*, /* minor_status */ OM_uint32, /* status_value */ @@ -796,7 +780,7 @@ unsigned char *ptr, unsigned int bodysize, gss_buffer_t message_buffer, - int *conf_state, int *qop_state, + int *conf_state, gss_qop_t *qop_state, int toktype); int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc); Modified: branches/mskrb-integ/src/lib/gssapi/krb5/gssapi_krb5.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/gssapi_krb5.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/gssapi_krb5.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -630,8 +630,8 @@ krb5_gss_process_context_token, krb5_gss_delete_sec_context, krb5_gss_context_time, - krb5_gss_sign, - krb5_gss_verify, + krb5_gss_get_mic, + krb5_gss_verify_mic, #ifdef IOV_SHIM_EXERCISE NULL, NULL, Modified: branches/mskrb-integ/src/lib/gssapi/krb5/k5seal.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/k5seal.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/k5seal.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -324,7 +324,7 @@ OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; - int qop_req; + gss_qop_t qop_req; gss_buffer_t input_message_buffer; int *conf_state; gss_buffer_t output_message_buffer; Modified: branches/mskrb-integ/src/lib/gssapi/krb5/k5sealv3.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/k5sealv3.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/k5sealv3.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -306,7 +306,7 @@ krb5_gss_ctx_id_rec *ctx, unsigned char *ptr, unsigned int bodysize, gss_buffer_t message_buffer, - int *conf_state, int *qop_state, int toktype) + int *conf_state, gss_qop_t *qop_state, int toktype) { krb5_context context = *contextptr; krb5_data plain; Modified: branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -486,7 +486,7 @@ gss_buffer_t input_token_buffer; gss_buffer_t message_buffer; int *conf_state; - int *qop_state; + gss_qop_t *qop_state; int toktype; { krb5_gss_ctx_id_rec *ctx; Modified: branches/mskrb-integ/src/lib/gssapi/krb5/seal.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/seal.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/seal.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -41,7 +41,7 @@ gss_buffer_t output_message_buffer; { return(kg_seal(minor_status, context_handle, conf_req_flag, - (int) qop_req, input_message_buffer, conf_state, + qop_req, input_message_buffer, conf_state, output_message_buffer, KG_TOK_WRAP_MSG)); } @@ -58,7 +58,8 @@ OM_uint32 major_status; major_status = kg_seal_iov(minor_status, context_handle, conf_req_flag, - qop_req, conf_state, iov, iov_count, KG_TOK_WRAP_MSG); + qop_req, conf_state, + iov, iov_count, KG_TOK_WRAP_MSG); return major_status; } Modified: branches/mskrb-integ/src/lib/gssapi/krb5/sign.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/sign.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/sign.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -27,21 +27,6 @@ * $Id$ */ -OM_uint32 -krb5_gss_sign(minor_status, context_handle, - qop_req, message_buffer, - message_token) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int qop_req; - gss_buffer_t message_buffer; - gss_buffer_t message_token; -{ - return(kg_seal(minor_status, context_handle, 0, - qop_req, message_buffer, NULL, - message_token, KG_TOK_SIGN_MSG)); -} - /* V2 interface */ OM_uint32 krb5_gss_get_mic(minor_status, context_handle, qop_req, @@ -53,7 +38,7 @@ gss_buffer_t message_token; { return(kg_seal(minor_status, context_handle, 0, - (int) qop_req, message_buffer, NULL, + qop_req, message_buffer, NULL, message_token, KG_TOK_MIC_MSG)); } Modified: branches/mskrb-integ/src/lib/gssapi/krb5/unseal.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/unseal.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/unseal.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -40,13 +40,10 @@ gss_qop_t *qop_state; { OM_uint32 rstat; - int qstate; rstat = kg_unseal(minor_status, context_handle, input_message_buffer, output_message_buffer, - conf_state, &qstate, KG_TOK_WRAP_MSG); - if (!rstat && qop_state) - *qop_state = (gss_qop_t) qstate; + conf_state, qop_state, KG_TOK_WRAP_MSG); return(rstat); } @@ -62,7 +59,8 @@ OM_uint32 major_status; major_status = kg_unseal_iov(minor_status, context_handle, - conf_state, qop_state, iov, iov_count, KG_TOK_WRAP_MSG); + conf_state, qop_state, + iov, iov_count, KG_TOK_WRAP_MSG); return major_status; } Modified: branches/mskrb-integ/src/lib/gssapi/krb5/verify.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/verify.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/krb5/verify.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -27,21 +27,6 @@ * $Id$ */ -OM_uint32 -krb5_gss_verify(minor_status, context_handle, - message_buffer, token_buffer, - qop_state) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t message_buffer; - gss_buffer_t token_buffer; - int *qop_state; -{ - return(kg_unseal(minor_status, context_handle, - token_buffer, message_buffer, - NULL, qop_state, KG_TOK_SIGN_MSG)); -} - /* V2 interface */ OM_uint32 krb5_gss_verify_mic(minor_status, context_handle, @@ -54,13 +39,10 @@ gss_qop_t *qop_state; { OM_uint32 rstat; - int qstate; rstat = kg_unseal(minor_status, context_handle, token_buffer, message_buffer, - NULL, &qstate, KG_TOK_MIC_MSG); - if (!rstat && qop_state) - *qop_state = (gss_qop_t) qstate; + NULL, qop_state, KG_TOK_MIC_MSG); return(rstat); } Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_initialize.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/mechglue/g_initialize.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_initialize.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -729,8 +729,8 @@ GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_process_context_token); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_delete_sec_context); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_context_time); - GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_sign); - GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_verify); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_get_mic); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_verify_mic); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_display_status); Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_sign.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/mechglue/g_sign.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_sign.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -23,16 +23,16 @@ */ /* - * glue routine gss_sign + * glue routine gss_get_mic */ #include "mglueP.h" static OM_uint32 -val_sign_args( +val_get_mic_args( OM_uint32 *minor_status, gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, gss_buffer_t message_buffer, gss_buffer_t msg_token) { @@ -66,15 +66,15 @@ OM_uint32 KRB5_CALLCONV -gss_sign (minor_status, - context_handle, - qop_req, - message_buffer, - msg_token) +gss_get_mic (minor_status, + context_handle, + qop_req, + message_buffer, + msg_token) OM_uint32 * minor_status; gss_ctx_id_t context_handle; -int qop_req; +gss_qop_t qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; @@ -83,8 +83,8 @@ gss_union_ctx_id_t ctx; gss_mechanism mech; - status = val_sign_args(minor_status, context_handle, - qop_req, message_buffer, msg_token); + status = val_get_mic_args(minor_status, context_handle, + qop_req, message_buffer, msg_token); if (status != GSS_S_COMPLETE) return (status); @@ -97,8 +97,8 @@ mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_sign) { - status = mech->gss_sign( + if (mech->gss_get_mic) { + status = mech->gss_get_mic( minor_status, ctx->internal_ctx_id, qop_req, @@ -116,7 +116,7 @@ } OM_uint32 KRB5_CALLCONV -gss_get_mic (minor_status, +gss_sign (minor_status, context_handle, qop_req, message_buffer, @@ -124,12 +124,12 @@ OM_uint32 * minor_status; gss_ctx_id_t context_handle; -gss_qop_t qop_req; +int qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; { - return (gss_sign(minor_status, context_handle, (int) qop_req, - message_buffer, msg_token)); + return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req, + message_buffer, msg_token)); } Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_verify.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/mechglue/g_verify.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_verify.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -23,23 +23,23 @@ */ /* - * glue routine for gss_verify + * glue routine for gss_verify_mic */ #include "mglueP.h" OM_uint32 KRB5_CALLCONV -gss_verify (minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state) +gss_verify_mic (minor_status, + context_handle, + message_buffer, + token_buffer, + qop_state) OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -int * qop_state; +gss_qop_t * qop_state; { OM_uint32 status; @@ -68,13 +68,13 @@ mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_verify) { - status = mech->gss_verify( - minor_status, - ctx->internal_ctx_id, - message_buffer, - token_buffer, - qop_state); + if (mech->gss_verify_mic) { + status = mech->gss_verify_mic( + minor_status, + ctx->internal_ctx_id, + message_buffer, + token_buffer, + qop_state); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); } else @@ -87,7 +87,7 @@ } OM_uint32 KRB5_CALLCONV -gss_verify_mic (minor_status, +gss_verify (minor_status, context_handle, message_buffer, token_buffer, @@ -97,9 +97,10 @@ gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -gss_qop_t * qop_state; +int * qop_state; { - return (gss_verify(minor_status, context_handle, - message_buffer, token_buffer, (int *) qop_state)); + return (gss_verify_mic(minor_status, context_handle, + message_buffer, token_buffer, + (gss_qop_t *) qop_state)); } Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h =================================================================== --- branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h 2009-01-02 08:16:27 UTC (rev 21664) @@ -184,21 +184,21 @@ gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ ); - OM_uint32 (*gss_sign) + OM_uint32 (*gss_get_mic) ( OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ + gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ ); - OM_uint32 (*gss_verify) + OM_uint32 (*gss_verify_mic) ( OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ - int* /* qop_state */ + gss_qop_t* /* qop_state */ ); OM_uint32 (*gss_wrap) ( Modified: branches/mskrb-integ/src/lib/gssapi/spnego/gssapiP_spnego.h =================================================================== --- branches/mskrb-integ/src/lib/gssapi/spnego/gssapiP_spnego.h 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/spnego/gssapiP_spnego.h 2009-01-02 08:16:27 UTC (rev 21664) @@ -305,22 +305,22 @@ OM_uint32 *max_input_size ); -OM_uint32 spnego_gss_sign +OM_uint32 spnego_gss_get_mic ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token ); -OM_uint32 spnego_gss_verify +OM_uint32 spnego_gss_verify_mic ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, - int *qop_state + gss_qop_t *qop_state ); OM_uint32 Modified: branches/mskrb-integ/src/lib/gssapi/spnego/spnego_mech.c =================================================================== --- branches/mskrb-integ/src/lib/gssapi/spnego/spnego_mech.c 2009-01-02 07:47:40 UTC (rev 21663) +++ branches/mskrb-integ/src/lib/gssapi/spnego/spnego_mech.c 2009-01-02 08:16:27 UTC (rev 21664) @@ -221,8 +221,8 @@ NULL, /* gss_process_context_token */ spnego_gss_delete_sec_context, /* gss_delete_sec_context */ spnego_gss_context_time, /* gss_context_time */ - spnego_gss_sign, /* gss_sign */ - spnego_gss_verify, /* gss_verify */ + spnego_gss_get_mic, /* gss_get_mic */ + spnego_gss_verify_mic, /* gss_verify_mic */ spnego_gss_wrap, /* gss_wrap */ spnego_gss_unwrap, /* gss_unwrap */ spnego_gss_display_status, @@ -2033,15 +2033,15 @@ } OM_uint32 -spnego_gss_sign( +spnego_gss_get_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token) { OM_uint32 ret; - ret = gss_sign(minor_status, + ret = gss_get_mic(minor_status, context_handle, qop_req, message_buffer, @@ -2050,19 +2050,19 @@ } OM_uint32 -spnego_gss_verify( +spnego_gss_verify_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, - int *qop_state) + gss_qop_t *qop_state) { OM_uint32 ret; ret = gss_verify_mic(minor_status, context_handle, msg_buffer, token_buffer, - (gss_qop_t *)qop_state); /* XXX */ + qop_state); return (ret); } From hartmans at MIT.EDU Fri Jan 2 14:12:33 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 14:12:33 -0500 (EST) Subject: svn rev #21665: branches/mskrb-integ/src/kadmin/server/ Message-ID: <200901021912.OAA03202@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21665 Commit By: hartmans Log Message: Don't register any services with portmap. Works around test instability problem but not desirable for iprop Changed Files: U branches/mskrb-integ/src/kadmin/server/network.c Modified: branches/mskrb-integ/src/kadmin/server/network.c =================================================================== --- branches/mskrb-integ/src/kadmin/server/network.c 2009-01-02 08:16:27 UTC (rev 21664) +++ branches/mskrb-integ/src/kadmin/server/network.c 2009-01-02 19:12:32 UTC (rev 21665) @@ -443,7 +443,7 @@ } if (!svc_register(conn->u.rpc.transp, svc->prognum, svc->versnum, - svc->dispatch, IPPROTO_TCP)) { + svc->dispatch, 0)) { krb5_klog_syslog(LOG_ERR, "Cannot register RPC service: %s; continuing", strerror(errno)); delete_fd(conn); From hartmans at MIT.EDU Fri Jan 2 15:14:40 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 15:14:40 -0500 (EST) Subject: svn rev #21666: branches/mskrb-integ/src/kdc/ Message-ID: <200901022014.PAA04024@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21666 Commit By: hartmans Log Message: KDC always assumes a server supports des-cbc-crc. Among other things, the test suite depends on this. Changed Files: U branches/mskrb-integ/src/kdc/kdc_util.c Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 19:12:32 UTC (rev 21665) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 20:14:40 UTC (rev 21666) @@ -1464,7 +1464,7 @@ * XXX we assume everything can understand DES_CBC_CRC */ if (enctype == ENCTYPE_DES_CBC_CRC) - return 0; + return 1; /* * If we have a key for the encryption system, we assume it's From hartmans at MIT.EDU Fri Jan 2 15:14:50 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 15:14:50 -0500 (EST) Subject: svn rev #21667: branches/mskrb-integ/src/kdc/ Message-ID: <200901022014.PAA04098@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21667 Commit By: hartmans Log Message: Use kdb keytab to look up service principal Changed Files: U branches/mskrb-integ/src/kdc/kdc_util.c Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 20:14:40 UTC (rev 21666) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 20:14:49 UTC (rev 21667) @@ -247,8 +247,6 @@ krb5_auth_context auth_context = NULL; krb5_authenticator * authenticator = NULL; krb5_checksum * his_cksum = NULL; - krb5_keyblock * key = NULL; - krb5_kvno kvno = 0; *nprincs = 0; @@ -292,18 +290,7 @@ goto cleanup_auth_context; #endif - if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno))) - goto cleanup_auth_context; - /* - * XXX This is currently wrong but to fix it will require making a - * new keytab for groveling over the kdb. - */ - retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key); - krb5_free_keyblock(kdc_context, key); - if (retval) - goto cleanup_auth_context; - if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq, apreq->ticket->server, kdc_active_realm->realm_keytab, From hartmans at MIT.EDU Fri Jan 2 15:35:22 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 15:35:22 -0500 (EST) Subject: svn rev #21668: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901022035.PAA04510@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21668 Commit By: hartmans Log Message: Using the server name as a hint is inappropriate. The server name is a security constraint. If set, it must constrain the principals that can be authenticated to; otherwise applications may get behavior that breaks security policy. It is a goal that applications need to change to take advantage of any server search. Remove dead code Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c Modified: branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c 2009-01-02 20:14:49 UTC (rev 21667) +++ branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c 2009-01-02 20:35:22 UTC (rev 21668) @@ -110,9 +110,7 @@ (void) krb5_free_keytab_entry_contents(context, &ktent); } - } - - if (retval == KRB5_KT_NOTFOUND && keytab->ops->start_seq_get != NULL) { + } else { krb5_error_code code; krb5_kt_cursor cursor; @@ -203,25 +201,8 @@ princ_data.realm.data = realm; princ_data.realm.length = strlen(realm); } - /* - * The following code is commented out now that match based on - * key rather than name. - */ -#if 0 - if (server && !krb5_principal_compare(context, server, req->ticket->server)) { - char *found_name = 0, *wanted_name = 0; - if (krb5_unparse_name(context, server, &wanted_name) == 0 - && krb5_unparse_name(context, req->ticket->server, &found_name) == 0) - krb5_set_error_message(context, KRB5KRB_AP_WRONG_PRINC, - "Wrong principal in request (found %s, wanted %s)", - found_name, wanted_name); - krb5_free_unparsed_name(context, wanted_name); - krb5_free_unparsed_name(context, found_name); - retval = KRB5KRB_AP_WRONG_PRINC; - goto cleanup; - } -#endif + /* if (req->ap_options & AP_OPTS_USE_SESSION_KEY) do we need special processing here ? */ From lhoward at MIT.EDU Fri Jan 2 16:50:55 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 16:50:55 -0500 (EST) Subject: svn rev #21669: branches/mskrb-integ/src/kdc/ Message-ID: <200901022150.QAA05464@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21669 Commit By: lhoward Log Message: Validate k_nprincs != 0 before passing a pointer to krbtgt Changed Files: U branches/mskrb-integ/src/kdc/do_tgs_req.c Modified: branches/mskrb-integ/src/kdc/do_tgs_req.c =================================================================== --- branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-02 20:35:22 UTC (rev 21668) +++ branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-02 21:50:54 UTC (rev 21669) @@ -628,7 +628,7 @@ c_flags, (c_nprincs != 0) ? &client : NULL, &server, - &krbtgt, + k_nprincs ? &krbtgt : NULL, subkey != NULL ? subkey : header_ticket->enc_part2->session, &encrypting_key, /* U2U or server key */ @@ -697,7 +697,7 @@ } if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) { errcode = validate_transit_path(kdc_context, header_enc_tkt->client, - &server, &krbtgt); + &server, k_nprincs ? &krbtgt : NULL); if (errcode) { status = "NON_TRANSITIVE"; goto cleanup; From lhoward at MIT.EDU Fri Jan 2 16:55:21 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 16:55:21 -0500 (EST) Subject: svn rev #21670: branches/mskrb-integ/src/kdc/ Message-ID: <200901022155.QAA05585@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21670 Commit By: lhoward Log Message: Revert r21667, it breaks authorization data backends that need access to the KDC key to validate signatures Changed Files: U branches/mskrb-integ/src/kdc/kdc_util.c Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 21:50:54 UTC (rev 21669) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 21:55:20 UTC (rev 21670) @@ -247,6 +247,8 @@ krb5_auth_context auth_context = NULL; krb5_authenticator * authenticator = NULL; krb5_checksum * his_cksum = NULL; + krb5_keyblock * key = NULL; + krb5_kvno kvno = 0; *nprincs = 0; @@ -290,7 +292,18 @@ goto cleanup_auth_context; #endif + if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno))) + goto cleanup_auth_context; + /* + * XXX This is currently wrong but to fix it will require making a + * new keytab for groveling over the kdb. + */ + retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key); + krb5_free_keyblock(kdc_context, key); + if (retval) + goto cleanup_auth_context; + if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq, apreq->ticket->server, kdc_active_realm->realm_keytab, From lhoward at MIT.EDU Fri Jan 2 17:48:17 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 17:48:17 -0500 (EST) Subject: svn rev #21671: branches/mskrb-integ/src/kdc/ Message-ID: <200901022248.RAA06256@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21671 Commit By: lhoward Log Message: cleanup Changed Files: U branches/mskrb-integ/src/kdc/do_tgs_req.c Modified: branches/mskrb-integ/src/kdc/do_tgs_req.c =================================================================== --- branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-02 21:55:20 UTC (rev 21670) +++ branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-02 22:48:16 UTC (rev 21671) @@ -628,7 +628,7 @@ c_flags, (c_nprincs != 0) ? &client : NULL, &server, - k_nprincs ? &krbtgt : NULL, + (k_nprincs != 0) ? &krbtgt : NULL, subkey != NULL ? subkey : header_ticket->enc_part2->session, &encrypting_key, /* U2U or server key */ @@ -697,7 +697,8 @@ } if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) { errcode = validate_transit_path(kdc_context, header_enc_tkt->client, - &server, k_nprincs ? &krbtgt : NULL); + &server, + (k_nprincs != 0) ? &krbtgt : NULL); if (errcode) { status = "NON_TRANSITIVE"; goto cleanup; From lhoward at MIT.EDU Fri Jan 2 18:54:02 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 18:54:02 -0500 (EST) Subject: svn rev #21672: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901022354.SAA07062@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21672 Commit By: lhoward Log Message: Handle KDC_ERR_WRONG_REALM in krb5_get_in_tkt() - needs review, not completely tested yet Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c Modified: branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c 2009-01-02 22:48:16 UTC (rev 21671) +++ branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c 2009-01-02 23:53:55 UTC (rev 21672) @@ -671,8 +671,12 @@ } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) { if (++referral_count > KRB5_REFERRAL_MAXHOPS || err_reply->client == NULL || - err_reply->client->realm.length == 0) + err_reply->client->realm.length == 0) { + retval = (krb5_error_code) err_reply->error + + ERROR_TABLE_BASE_krb5; + krb5_free_error(context, err_reply); goto cleanup; + } /* Rewrite request.client with realm from error reply */ if (referred_client.realm.data) { krb5_free_data_contents(context, &referred_client.realm); @@ -970,6 +974,8 @@ krb5_timestamp time_now; krb5_enctype etype = 0; krb5_preauth_client_rock get_data_rock; + int canon_flag = 0; + krb5_principal_data referred_client; /* initialize everything which will be freed at cleanup */ @@ -994,6 +1000,11 @@ err_reply = NULL; + /* referred_client is used to rewrite the client realm for referrals */ + referred_client = *client; + referred_client.realm.data = NULL; + referred_client.realm.length = 0; + /* * Set up the basic request structure */ @@ -1103,6 +1114,10 @@ request.client = client; + /* per referrals draft, enterprise principals imply canonicalization */ + canon_flag = ((request.kdc_options & KDC_OPT_CANONICALIZE) != 0) || + client->type == KRB5_NT_ENTERPRISE_PRINCIPAL; + /* service */ if (in_tkt_service) { @@ -1311,6 +1326,26 @@ if (ret) goto cleanup; /* continue to next iteration */ + } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) { + if (err_reply->client == NULL || + err_reply->client->realm.length == 0) { + ret = (krb5_error_code) err_reply->error + + ERROR_TABLE_BASE_krb5; + krb5_free_error(context, err_reply); + goto cleanup; + } + /* Rewrite request.client with realm from error reply */ + if (referred_client.realm.data) { + krb5_free_data_contents(context, &referred_client.realm); + referred_client.realm.data = NULL; + } + ret = krb5int_copy_data_contents(context, + &err_reply->client->realm, + &referred_client.realm); + krb5_free_error(context, err_reply); + if (ret) + goto cleanup; + request.client = &referred_client; } else { if (err_reply->e_data.length > 0) { /* continue to next iteration */ @@ -1461,6 +1496,8 @@ *as_reply = local_as_reply; else if (local_as_reply) krb5_free_kdc_rep(context, local_as_reply); + if (referred_client.realm.data) + krb5_free_data_contents(context, &referred_client.realm); return(ret); } From hartmans at MIT.EDU Fri Jan 2 18:55:51 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 18:55:51 -0500 (EST) Subject: svn rev #21673: branches/mskrb-integ/src/kdc/ Message-ID: <200901022355.SAA07172@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21673 Commit By: hartmans Log Message: Fix up comment to explain why the kdb keytab is not used in the tgs case any more Changed Files: U branches/mskrb-integ/src/kdc/kdc_util.c Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 23:53:55 UTC (rev 21672) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 23:55:49 UTC (rev 21673) @@ -294,11 +294,9 @@ if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno))) goto cleanup_auth_context; - /* - * XXX This is currently wrong but to fix it will require making a - * new keytab for groveling over the kdb. - */ +* We do not use the KDB keytab because other parts of the TGS need the TGT key. +*/ retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key); krb5_free_keyblock(kdc_context, key); if (retval) From lhoward at MIT.EDU Fri Jan 2 18:55:52 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 18:55:52 -0500 (EST) Subject: svn rev #21674: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901022355.SAA07173@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21674 Commit By: lhoward Log Message: Cleanup Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c Modified: branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c 2009-01-02 23:55:49 UTC (rev 21673) +++ branches/mskrb-integ/src/lib/krb5/krb/get_in_tkt.c 2009-01-02 23:55:50 UTC (rev 21674) @@ -672,8 +672,7 @@ if (++referral_count > KRB5_REFERRAL_MAXHOPS || err_reply->client == NULL || err_reply->client->realm.length == 0) { - retval = (krb5_error_code) err_reply->error + - ERROR_TABLE_BASE_krb5; + retval = KRB5KDC_ERR_WRONG_REALM; krb5_free_error(context, err_reply); goto cleanup; } @@ -1329,8 +1328,7 @@ } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) { if (err_reply->client == NULL || err_reply->client->realm.length == 0) { - ret = (krb5_error_code) err_reply->error - + ERROR_TABLE_BASE_krb5; + ret = KRB5KDC_ERR_WRONG_REALM; krb5_free_error(context, err_reply); goto cleanup; } From lhoward at MIT.EDU Fri Jan 2 18:59:18 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 18:59:18 -0500 (EST) Subject: svn rev #21675: branches/mskrb-integ/src/kdc/ Message-ID: <200901022359.SAA07336@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21675 Commit By: lhoward Log Message: Indent fixup Changed Files: U branches/mskrb-integ/src/kdc/kdc_util.c Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 23:55:50 UTC (rev 21674) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 23:59:17 UTC (rev 21675) @@ -295,8 +295,8 @@ if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno))) goto cleanup_auth_context; /* -* We do not use the KDB keytab because other parts of the TGS need the TGT key. -*/ + * We do not use the KDB keytab because other parts of the TGS need the TGT key. + */ retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key); krb5_free_keyblock(kdc_context, key); if (retval) From lhoward at MIT.EDU Fri Jan 2 20:28:19 2009 From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Fri, 2 Jan 2009 20:28:19 -0500 (EST) Subject: svn rev #21676: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901030128.UAA08444@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21676 Commit By: lhoward Log Message: If KRB5_PRINCIPAL_UNPARSE_NO_REALM is specified, don't escape the @ symbol. Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/unparse.c Modified: branches/mskrb-integ/src/lib/krb5/krb/unparse.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/unparse.c 2009-01-02 23:59:17 UTC (rev 21675) +++ branches/mskrb-integ/src/lib/krb5/krb/unparse.c 2009-01-03 01:28:18 UTC (rev 21676) @@ -66,8 +66,12 @@ int size = length; if ((flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) == 0) { + int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) && + !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT); + for (j = 0; j < length; j++,cp++) - if (*cp == REALM_SEP || *cp == COMPONENT_SEP || + if ((!no_realm && *cp == REALM_SEP) || + *cp == COMPONENT_SEP || *cp == '\0' || *cp == '\\' || *cp == '\t' || *cp == '\n' || *cp == '\b') size++; @@ -90,9 +94,16 @@ } for (j=0; j < length; j++,cp++) { + int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) && + !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT); + switch (*cp) { + case REALM_SEP: + if (no_realm) { + *q++ = *cp; + break; + } case COMPONENT_SEP: - case REALM_SEP: case '\\': *q++ = '\\'; *q++ = *cp; From hartmans at MIT.EDU Fri Jan 2 20:28:32 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 20:28:32 -0500 (EST) Subject: svn rev #21677: branches/mskrb-integ/src/lib/krb5/krb/ Message-ID: <200901030128.UAA08517@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21677 Commit By: hartmans Log Message: krb5_rd_req: Don't set server to ticket->server krb5_rd_rec_decoded: change ticket->server to the principal we actually match from the keytab; this produces better application behavior although is somewhat non-intuitive. Set up the replay cache here because we have the server principal Changed Files: U branches/mskrb-integ/src/lib/krb5/krb/rd_req.c U branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c Modified: branches/mskrb-integ/src/lib/krb5/krb/rd_req.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/rd_req.c 2009-01-03 01:28:18 UTC (rev 21676) +++ branches/mskrb-integ/src/lib/krb5/krb/rd_req.c 2009-01-03 01:28:31 UTC (rev 21677) @@ -77,19 +77,6 @@ *auth_context = new_auth_context; } - if (!server) { - server = request->ticket->server; - } - /* Get an rcache if necessary. */ - if (((*auth_context)->rcache == NULL) - && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) - && server) { - if ((retval = krb5_get_server_rcache(context, - krb5_princ_component(context, - server,0), - &(*auth_context)->rcache))) - goto cleanup_auth_context; - } #ifndef LEAN_CLIENT /* Get a keytab if necessary. */ Modified: branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c 2009-01-03 01:28:18 UTC (rev 21676) +++ branches/mskrb-integ/src/lib/krb5/krb/rd_req_dec.c 2009-01-03 01:28:31 UTC (rev 21677) @@ -126,10 +126,25 @@ retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket); + if (retval == 0 ) { + /* + * We overwrite ticket->server to be the principal + * that we match in the keytab. The reason for doing + * this is that GSS-API and other consumers look at + * that principal to make authorization decisions + * about whether the appropriate server is contacted. + * It might be cleaner to create a new API and store + * the server in the auth_context, but doing so would + * probably miss existing uses of the server. Instead, + * perhaps an API should be created to retrieve the + * server as it appeared in the ticket. + */ + krb5_free_principal(context, req->ticket->server); + retval = krb5_copy_principal(context, ktent.principal, &req->ticket->server); + (void) krb5_free_keytab_entry_contents(context, &ktent); + break; + } (void) krb5_free_keytab_entry_contents(context, &ktent); - - if (retval == 0) - break; } code = krb5_kt_end_seq_get(context, keytab, &cursor); @@ -240,6 +255,19 @@ goto cleanup; } + if (!server) { + server = req->ticket->server; + } + /* Get an rcache if necessary. */ + if (((*auth_context)->rcache == NULL) + && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) + && server) { + if ((retval = krb5_get_server_rcache(context, + krb5_princ_component(context, + server,0), + &(*auth_context)->rcache))) + goto cleanup; + } /* okay, now check cross-realm policy */ #if defined(_SINGLE_HOP_ONLY) From hartmans at MIT.EDU Fri Jan 2 22:01:11 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 22:01:11 -0500 (EST) Subject: svn rev #21680: branches/mskrb-integ/src/kadmin/server/ Message-ID: <200901030301.WAA09781@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21680 Commit By: hartmans Log Message: fix merge error Changed Files: U branches/mskrb-integ/src/kadmin/server/misc.h Modified: branches/mskrb-integ/src/kadmin/server/misc.h =================================================================== --- branches/mskrb-integ/src/kadmin/server/misc.h 2009-01-03 03:00:58 UTC (rev 21679) +++ branches/mskrb-integ/src/kadmin/server/misc.h 2009-01-03 03:01:10 UTC (rev 21680) @@ -70,7 +70,7 @@ gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name, krb5_principal *princ, gss_buffer_t gss_str); -<<<<<<< HEAD:src/kadmin/server/misc.h + extern volatile int signal_request_exit; extern volatile int signal_request_hup; @@ -84,8 +84,7 @@ krb5_error_code listen_and_process(void *handle, const char *prog); krb5_error_code closedown_network(void *handle, const char *prog); -#endif /* _MISC_H */ -======= + void krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp); @@ -94,4 +93,5 @@ const char *, char **); ->>>>>>> trunk:src/kadmin/server/misc.h + +#endif /* _MISC_H */ From hartmans at MIT.EDU Fri Jan 2 22:01:06 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 22:01:06 -0500 (EST) Subject: svn rev #21679: branches/mskrb-integ/src/ appl/gssftp/ftp/ appl/gssftp/ftpd/ ... Message-ID: <200901030301.WAA09707@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21679 Commit By: hartmans Log Message: Make depend Changed Files: U branches/mskrb-integ/src/appl/gssftp/ftp/Makefile.in U branches/mskrb-integ/src/appl/gssftp/ftpd/Makefile.in U branches/mskrb-integ/src/appl/telnet/telnet/Makefile.in U branches/mskrb-integ/src/kadmin/passwd/Makefile.in U branches/mskrb-integ/src/kadmin/server/Makefile.in U branches/mskrb-integ/src/kadmin/testing/util/Makefile.in U branches/mskrb-integ/src/kdc/Makefile.in U branches/mskrb-integ/src/lib/crypto/Makefile.in U branches/mskrb-integ/src/lib/crypto/arcfour/Makefile.in U branches/mskrb-integ/src/lib/crypto/des/Makefile.in U branches/mskrb-integ/src/lib/crypto/dk/Makefile.in U branches/mskrb-integ/src/lib/crypto/enc_provider/Makefile.in U branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in U branches/mskrb-integ/src/lib/crypto/raw/Makefile.in U branches/mskrb-integ/src/lib/gssapi/generic/Makefile.in U branches/mskrb-integ/src/lib/gssapi/krb5/Makefile.in U branches/mskrb-integ/src/lib/gssapi/mechglue/Makefile.in U branches/mskrb-integ/src/lib/gssapi/spnego/Makefile.in U branches/mskrb-integ/src/lib/kadm5/Makefile.in U branches/mskrb-integ/src/lib/kadm5/clnt/Makefile.in U branches/mskrb-integ/src/lib/kadm5/srv/Makefile.in U branches/mskrb-integ/src/lib/kadm5/unit-test/Makefile.in U branches/mskrb-integ/src/lib/kdb/Makefile.in U branches/mskrb-integ/src/lib/krb5/krb/Makefile.in U branches/mskrb-integ/src/lib/krb5/unicode/Makefile.in U branches/mskrb-integ/src/lib/rpc/Makefile.in U branches/mskrb-integ/src/lib/rpc/unit-test/Makefile.in U branches/mskrb-integ/src/plugins/kdb/db2/Makefile.in U branches/mskrb-integ/src/plugins/kdb/db2/libdb2/btree/Makefile.in U branches/mskrb-integ/src/plugins/kdb/db2/libdb2/db/Makefile.in U branches/mskrb-integ/src/plugins/kdb/db2/libdb2/hash/Makefile.in U branches/mskrb-integ/src/plugins/kdb/db2/libdb2/mpool/Makefile.in U branches/mskrb-integ/src/plugins/kdb/db2/libdb2/recno/Makefile.in U branches/mskrb-integ/src/plugins/preauth/pkinit/Makefile.in U branches/mskrb-integ/src/util/ss/Makefile.in U branches/mskrb-integ/src/util/support/Makefile.in Modified: branches/mskrb-integ/src/appl/gssftp/ftp/Makefile.in =================================================================== --- branches/mskrb-integ/src/appl/gssftp/ftp/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/appl/gssftp/ftp/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -75,12 +75,12 @@ $(OUTPRE)cmdtab.$(OBJEXT): cmdtab.c ftp_var.h $(OUTPRE)domacro.$(OBJEXT): domacro.c ftp_var.h $(OUTPRE)ftp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ - $(srcdir)/../arpa/ftp.h $(srcdir)/../arpa/telnet.h \ - ftp.c ftp_var.h secure.h + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ + $(srcdir)/../arpa/telnet.h ftp.c ftp_var.h secure.h $(OUTPRE)getpass.$(OBJEXT): ftp_var.h getpass.c $(OUTPRE)glob.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ Modified: branches/mskrb-integ/src/appl/gssftp/ftpd/Makefile.in =================================================================== --- branches/mskrb-integ/src/appl/gssftp/ftpd/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/appl/gssftp/ftpd/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -82,13 +82,14 @@ # the Makefile.in file # $(OUTPRE)ftpd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/libpty.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ - $(srcdir)/../arpa/ftp.h $(srcdir)/../arpa/telnet.h \ - ftpd.c ftpd_var.h pathnames.h secure.h + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ + $(srcdir)/../arpa/telnet.h ftpd.c ftpd_var.h pathnames.h \ + secure.h $(OUTPRE)ftpcmd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_generic.h $(SRCTOP)/include/k5-buf.h \ $(srcdir)/../arpa/ftp.h $(srcdir)/../arpa/telnet.h \ Modified: branches/mskrb-integ/src/appl/telnet/telnet/Makefile.in =================================================================== --- branches/mskrb-integ/src/appl/telnet/telnet/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/appl/telnet/telnet/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -98,15 +98,18 @@ $(OUTPRE)ring.$(OBJEXT): general.h ring.c ring.h $(OUTPRE)sys_bsd.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ defines.h externs.h fdset.h ring.h sys_bsd.c types.h -$(OUTPRE)telnet.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - $(srcdir)/../libtelnet/misc-proto.h defines.h externs.h \ - general.h ring.h telnet.c types.h +$(OUTPRE)telnet.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/misc-proto.h \ + defines.h externs.h general.h ring.h telnet.c types.h $(OUTPRE)terminal.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ externs.h ring.h terminal.c types.h -$(OUTPRE)utilities.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - defines.h externs.h fdset.h general.h ring.h utilities.c +$(OUTPRE)utilities.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h defines.h externs.h \ + fdset.h general.h ring.h utilities.c Modified: branches/mskrb-integ/src/kadmin/passwd/Makefile.in =================================================================== --- branches/mskrb-integ/src/kadmin/passwd/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/kadmin/passwd/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -29,29 +29,26 @@ # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kpasswd.h \ - kpasswd_strings.h tty_kpasswd.c -$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kpasswd.c \ - kpasswd.h kpasswd_strings.h +$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h kpasswd.h kpasswd_strings.h \ + tty_kpasswd.c +$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h kpasswd.c kpasswd.h kpasswd_strings.h $(OUTPRE)kpasswd_strings.$(OBJEXT): $(COM_ERR_DEPS) \ kpasswd_strings.c Modified: branches/mskrb-integ/src/kadmin/server/Makefile.in =================================================================== --- branches/mskrb-integ/src/kadmin/server/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/kadmin/server/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -33,42 +33,41 @@ # the Makefile.in file # $(OUTPRE)kadm_rpc_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kadm_rpc_svc.c \ + misc.h +$(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_acl.h \ $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h kadm_rpc_svc.c misc.h -$(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h misc.h server_stubs.c +$(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ $(BUILDTOP)/include/kadm5/server_acl.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h misc.h \ - server_stubs.c -$(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_acl.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ @@ -85,8 +84,9 @@ $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/lib/gssapi/generic/gssapiP_generic.h $(SRCTOP)/lib/gssapi/generic/gssapi_generic.h \ - $(SRCTOP)/lib/gssapi/krb5/gssapiP_krb5.h misc.h ovsec_kadmd.c + $(SRCTOP)/lib/gssapi/generic/gssapiP_generic.h $(SRCTOP)/lib/gssapi/generic/gssapi_ext.h \ + $(SRCTOP)/lib/gssapi/generic/gssapi_generic.h $(SRCTOP)/lib/gssapi/krb5/gssapiP_krb5.h \ + misc.h ovsec_kadmd.c $(OUTPRE)schpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ @@ -109,44 +109,43 @@ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(BUILDTOP)/include/kadm5/server_acl.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h misc.c misc.h -$(OUTPRE)server_glue_v1.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h misc.h \ - server_glue_v1.c -$(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ +$(OUTPRE)server_glue_v1.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h misc.h server_glue_v1.c +$(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ @@ -158,14 +157,18 @@ $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/gssrpc/auth.h \ $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/lib/kadm5/srv/server_acl.h network.c misc.h + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h misc.h network.c Modified: branches/mskrb-integ/src/kadmin/testing/util/Makefile.in =================================================================== --- branches/mskrb-integ/src/kadmin/testing/util/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/kadmin/testing/util/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -56,8 +56,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c $(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -68,8 +67,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h tcl_kadm5.c tcl_kadm5.h $(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ tcl_kadm5.h test.c Modified: branches/mskrb-integ/src/kdc/Makefile.in =================================================================== --- branches/mskrb-integ/src/kdc/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/kdc/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -92,7 +92,8 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h dispatch.c extern.h \ kdc_util.h @@ -104,10 +105,10 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h do_as_req.c extern.h \ - kdc_util.h policy.h + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + do_as_req.c extern.h kdc_util.h policy.h $(OUTPRE)do_tgs_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ @@ -115,7 +116,8 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h do_tgs_req.c extern.h \ kdc_util.h policy.h @@ -127,10 +129,10 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc_util.c \ - kdc_util.h + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_util.c kdc_util.h $(OUTPRE)kdc_preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ @@ -138,7 +140,8 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h extern.h kdc_preauth.c \ kdc_util.h @@ -150,10 +153,11 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_kt.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - extern.h kdc5_err.h kdc_util.h main.c + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_kt.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h extern.h kdc5_err.h \ + kdc_util.h main.c $(OUTPRE)network.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ @@ -163,10 +167,10 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc5_err.h \ - kdc_util.h network.c + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc5_err.h kdc_util.h network.c $(OUTPRE)policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -174,9 +178,10 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdc_util.h policy.c + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_util.h policy.c $(OUTPRE)extern.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -194,10 +199,10 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc_util.h \ - replay.c + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_util.h replay.c $(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ @@ -205,7 +210,8 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ extern.h kdc_authdata.c kdc_util.h Modified: branches/mskrb-integ/src/lib/crypto/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -386,16 +386,16 @@ # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -aead.so aead.po $(OUTPRE)aead.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ +aead.so aead.po $(OUTPRE)aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - aead.c etypes.h aead.h + $(srcdir)/dk/dk.h aead.c aead.h cksumtypes.h etypes.h block_size.so block_size.po $(OUTPRE)block_size.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -450,6 +450,28 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h cksumtypes.h coll_proof_cksum.c +combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/dk/dk.h \ + combine_keys.c etypes.h +crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h crypto_length.c \ + etypes.h crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -462,6 +484,8 @@ $(SRCTOP)/include/socket-utils.h crypto_libinit.c default_state.so default_state.po $(OUTPRE)default_state.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ @@ -477,7 +501,18 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - decrypt.c etypes.h + aead.h decrypt.c etypes.h +decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h decrypt_iov.c \ + etypes.h encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -487,7 +522,17 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - encrypt.c etypes.h + aead.h encrypt.c etypes.h +encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h encrypt_iov.c etypes.h encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -497,7 +542,8 @@ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h encrypt_length.c etypes.h + $(SRCTOP)/include/socket-utils.h aead.h encrypt_length.c \ + etypes.h enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -542,7 +588,7 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - hmac.c + aead.h hmac.c keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -595,6 +641,17 @@ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/dk/dk.h \ cksumtypes.h etypes.h make_checksum.c +make_checksum_iov.so make_checksum_iov.po $(OUTPRE)make_checksum_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \ + make_checksum_iov.c make_random_key.so make_random_key.po $(OUTPRE)make_random_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -748,6 +805,17 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h cksumtypes.h verify_checksum.c +verify_checksum_iov.so verify_checksum_iov.po $(OUTPRE)verify_checksum_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \ + verify_checksum_iov.c t_nfold.so t_nfold.po $(OUTPRE)t_nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ Modified: branches/mskrb-integ/src/lib/crypto/arcfour/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/arcfour/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/arcfour/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -56,7 +56,7 @@ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ arcfour-int.h arcfour.c arcfour.h -arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ +arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ @@ -65,5 +65,17 @@ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../md4/rsa-md4.h \ - arcfour-int.h arcfour.h arcfour_s2k.c + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + arcfour-int.h arcfour.h arcfour_aead.c +arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../md4/rsa-md4.h arcfour-int.h arcfour.h \ + arcfour_s2k.c Modified: branches/mskrb-integ/src/lib/crypto/des/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/des/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/des/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -111,21 +111,29 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h afsstring2key.c des_int.h +d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - afsstring2key.c des_int.h -d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + d3_cbc.c des_int.h f_tables.h +d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h d3_cbc.c des_int.h \ - f_tables.h + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h d3_aead.c des_int.h f_tables.h d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -133,43 +141,39 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - d3_kysched.c des_int.h -f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h d3_kysched.c des_int.h +f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h f_cbc.c \ - f_tables.h -f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h des_int.h f_aead.c f_tables.h +f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h f_aead.c \ - f_tables.h + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + des_int.h f_cbc.c f_tables.h f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h f_cksum.c \ - f_tables.h + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + des_int.h f_cksum.c f_tables.h f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -177,20 +181,19 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h f_parity.c + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h f_parity.c f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h f_sched.c + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + des_int.h f_sched.c f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -198,10 +201,10 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h f_tables.c f_tables.h + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h f_tables.c \ + f_tables.h key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -209,10 +212,9 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h key_sched.c + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h key_sched.c weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -220,10 +222,9 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h weak_key.c + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h weak_key.c string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -231,7 +232,6 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h string2key.c + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h string2key.c Modified: branches/mskrb-integ/src/lib/crypto/dk/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/dk/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/dk/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -67,8 +67,18 @@ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../etypes.h \ - checksum.c dk.h + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + $(srcdir)/../etypes.h checksum.c dk.h +dk_aead.so dk_aead.po $(OUTPRE)dk_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h dk.h dk_aead.c dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -80,26 +90,8 @@ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h dk.h dk_decrypt.c dk_encrypt.so dk_encrypt.po $(OUTPRE)dk_encrypt.$(OBJEXT): \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - dk.h dk_aead.c -dk_ccm.so dk_ccm.po $(OUTPRE)dk_ccm.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - dk.h dk_ccm.c -dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ Modified: branches/mskrb-integ/src/lib/crypto/enc_provider/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/enc_provider/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/enc_provider/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -51,22 +51,21 @@ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ - des.c enc_provider.h + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des.c \ + enc_provider.h des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ - des3.c + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des3.c aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -76,18 +75,8 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h aes.c \ - enc_provider.h -aes_ctr.so aes_ctr.po $(OUTPRE)aes_ctr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../aes/aes.h \ - $(srcdir)/../aes/uitypes.h aes_ctr.c enc_provider.h + $(srcdir)/../aead.h $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h \ + aes.c enc_provider.h rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -97,5 +86,5 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \ - enc_provider.h rc4.c + $(srcdir)/../aead.h $(srcdir)/../arcfour/arcfour-int.h \ + $(srcdir)/../arcfour/arcfour.h enc_provider.h rc4.c Modified: branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -59,16 +59,6 @@ # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -aescbc.so aescbc.po $(OUTPRE)aescbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../aes/aes.h aescbc.c keyhash_provider.h descbc.so descbc.po $(OUTPRE)descbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -110,18 +100,19 @@ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../arcfour/arcfour-int.h \ - $(srcdir)/../arcfour/arcfour.h $(srcdir)/../hash_provider/hash_provider.h \ - $(srcdir)/../md5/rsa-md5.h hmac_md5.c keyhash_provider.h + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \ + $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \ + hmac_md5.c keyhash_provider.h md5_hmac.so md5_hmac.po $(OUTPRE)md5_hmac.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \ - $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \ - md5_hmac.c keyhash_provider.h + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../arcfour/arcfour-int.h \ + $(srcdir)/../arcfour/arcfour.h $(srcdir)/../hash_provider/hash_provider.h \ + $(srcdir)/../md5/rsa-md5.h keyhash_provider.h md5_hmac.c Modified: branches/mskrb-integ/src/lib/crypto/raw/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/raw/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/crypto/raw/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -66,4 +66,5 @@ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h raw.h raw_aead.c + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + raw.h raw_aead.c Modified: branches/mskrb-integ/src/lib/gssapi/generic/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/gssapi/generic/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/gssapi/generic/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -178,61 +178,71 @@ # disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - disp_com_err_status.c gssapiP_generic.h \ - gssapi_err_generic.h gssapi_generic.h + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h disp_com_err_status.c \ + gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \ + gssapi_generic.h disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h disp_major_status.c gssapiP_generic.h \ - gssapi_err_generic.h gssapi_generic.h + gssapi_err_generic.h gssapi_ext.h gssapi_generic.h gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.c gssapi_generic.h + gssapi_ext.h gssapi_generic.c gssapi_generic.h +oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h oid_ops.c rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h rel_buffer.c + gssapi_ext.h gssapi_generic.h rel_buffer.c rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h rel_oid_set.c + gssapi_ext.h gssapi_generic.h rel_oid_set.c util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h util_buffer.c + gssapi_ext.h gssapi_generic.h util_buffer.c +util_buffer_set.so util_buffer_set.po $(OUTPRE)util_buffer_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_buffer_set.c util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h errmap.h gssapiP_generic.h \ - gssapi_err_generic.h gssapi_generic.h util_errmap.c + gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \ + util_errmap.c util_ordering.so util_ordering.po $(OUTPRE)util_ordering.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h util_ordering.c + gssapi_ext.h gssapi_generic.h util_ordering.c util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h util_set.c + gssapi_ext.h gssapi_generic.h util_set.c util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h util_token.c + gssapi_ext.h gssapi_generic.h util_token.c util_validate.so util_validate.po $(OUTPRE)util_validate.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h util_validate.c + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_validate.c gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT): \ $(COM_ERR_DEPS) gssapi_err_generic.c Modified: branches/mskrb-integ/src/lib/gssapi/krb5/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/gssapi/krb5/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/gssapi/krb5/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -278,283 +278,303 @@ # accept_sec_context.so accept_sec_context.po $(OUTPRE)accept_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h accept_sec_context.c \ gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h acquire_cred.so acquire_cred.po $(OUTPRE)acquire_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h acquire_cred.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h add_cred.so add_cred.po $(OUTPRE)add_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h add_cred.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h canon_name.so canon_name.po $(OUTPRE)canon_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h canon_name.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h compare_name.so compare_name.po $(OUTPRE)compare_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h compare_name.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h context_time.so context_time.po $(OUTPRE)context_time.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h context_time.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h copy_ccache.so copy_ccache.po $(OUTPRE)copy_ccache.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h copy_ccache.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h delete_sec_context.so delete_sec_context.po $(OUTPRE)delete_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h delete_sec_context.c \ gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h disp_name.so disp_name.po $(OUTPRE)disp_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h disp_name.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h disp_status.so disp_status.po $(OUTPRE)disp_status.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h disp_status.c error_map.h \ gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h duplicate_name.so duplicate_name.po $(OUTPRE)duplicate_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h duplicate_name.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h export_name.so export_name.po $(OUTPRE)export_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h export_name.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h export_sec_context.so export_sec_context.po $(OUTPRE)export_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h export_sec_context.c \ gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h get_tkt_flags.so get_tkt_flags.po $(OUTPRE)get_tkt_flags.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h get_tkt_flags.c gssapiP_krb5.h \ gssapi_err_krb5.h gssapi_krb5.h gssapi_krb5.so gssapi_krb5.po $(OUTPRE)gssapi_krb5.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.c gssapi_krb5.h import_name.so import_name.po $(OUTPRE)import_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h import_name.c import_sec_context.so import_sec_context.po $(OUTPRE)import_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h import_sec_context.c indicate_mechs.so indicate_mechs.po $(OUTPRE)indicate_mechs.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h indicate_mechs.c init_sec_context.so init_sec_context.po $(OUTPRE)init_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h init_sec_context.c inq_context.so inq_context.po $(OUTPRE)inq_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h inq_context.c inq_cred.so inq_cred.po $(OUTPRE)inq_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h inq_cred.c -k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ +inq_names.so inq_names.po $(OUTPRE)inq_names.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -563,10 +583,11 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5seal.c -k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h inq_names.c +k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -575,77 +596,54 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h k5sealv3.c -k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5seal.c +k5sealiov.so k5sealiov.po $(OUTPRE)k5sealiov.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h k5unseal.c -krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): \ + gssapi_krb5.h k5sealiov.c +k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ - ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h krb5_gss_glue.c -lucid_context.so lucid_context.po $(OUTPRE)lucid_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h lucid_context.c -process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): \ + gssapi_krb5.h k5sealv3.c +k5sealv3iov.so k5sealv3iov.po $(OUTPRE)k5sealv3iov.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h process_context_token.c -rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): \ + gssapi_krb5.h k5sealv3iov.c +k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h rel_cred.c -rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -654,23 +652,12 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_oid.c -rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5unseal.c +k5unsealiov.so k5unsealiov.po $(OUTPRE)k5unsealiov.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h rel_name.c -seal.so seal.po $(OUTPRE)seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -679,11 +666,12 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h seal.c -set_allowable_enctypes.so set_allowable_enctypes.po \ - $(OUTPRE)set_allowable_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5unsealiov.c +krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -692,37 +680,26 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h set_allowable_enctypes.c -ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h ser_sctx.c -set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): \ + gssapi_krb5.h krb5_gss_glue.c +lucid_context.so lucid_context.po $(OUTPRE)lucid_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h set_ccache.c -sign.so sign.po $(OUTPRE)sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + gssapi_krb5.h lucid_context.c +process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -731,10 +708,12 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h sign.c -unseal.so unseal.po $(OUTPRE)unseal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h process_context_token.c +rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -743,10 +722,11 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h unseal.c -util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h rel_cred.c +rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -755,11 +735,25 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_oid.c +rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h util_cksum.c -util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + gssapi_krb5.h rel_name.c +seal.so seal.po $(OUTPRE)seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -768,11 +762,12 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h util_crypt.c -util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h seal.c +set_allowable_enctypes.so set_allowable_enctypes.po \ + $(OUTPRE)set_allowable_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -781,11 +776,39 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h set_allowable_enctypes.c +ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h util_seed.c -util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): \ + gssapi_krb5.h ser_sctx.c +set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h set_ccache.c +sign.so sign.po $(OUTPRE)sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -794,11 +817,11 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h util_seqnum.c -val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h sign.c +unseal.so unseal.po $(OUTPRE)unseal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -807,11 +830,26 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h unseal.c +util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h val_cred.c -verify.so verify.po $(OUTPRE)verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + gssapi_krb5.h util_cksum.c +util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ @@ -820,10 +858,53 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h verify.c -wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_crypt.c +util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_seed.c +util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_seqnum.c +val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h val_cred.c +verify.so verify.po $(OUTPRE)verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -832,8 +913,20 @@ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h verify.c +wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ gssapi_krb5.h wrap_size_limit.c -gssapi_err_krb5.so gssapi_err_krb5.po $(OUTPRE)gssapi_err_krb5.$(OBJEXT): \ - $(COM_ERR_DEPS) gssapi_err_krb5.c Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/gssapi/mechglue/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/gssapi/mechglue/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -177,219 +177,357 @@ # g_accept_sec_context.so g_accept_sec_context.po $(OUTPRE)g_accept_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_accept_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_accept_sec_context.c \ + mechglue.h mglueP.h g_acquire_cred.so g_acquire_cred.po $(OUTPRE)g_acquire_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_acquire_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_acquire_cred.c mechglue.h \ + mglueP.h +g_buffer_set.so g_buffer_set.po $(OUTPRE)g_buffer_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_buffer_set.c mechglue.h \ + mglueP.h g_canon_name.so g_canon_name.po $(OUTPRE)g_canon_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_canon_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_canon_name.c mechglue.h \ + mglueP.h g_compare_name.so g_compare_name.po $(OUTPRE)g_compare_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_compare_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_compare_name.c mechglue.h \ + mglueP.h +g_complete_auth_token.so g_complete_auth_token.po $(OUTPRE)g_complete_auth_token.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_complete_auth_token.c \ + mechglue.h mglueP.h g_context_time.so g_context_time.po $(OUTPRE)g_context_time.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_context_time.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_context_time.c mechglue.h \ + mglueP.h g_delete_sec_context.so g_delete_sec_context.po $(OUTPRE)g_delete_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_delete_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_delete_sec_context.c \ + mechglue.h mglueP.h g_dsp_name.so g_dsp_name.po $(OUTPRE)g_dsp_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_dsp_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dsp_name.c mechglue.h \ + mglueP.h g_dsp_status.so g_dsp_status.po $(OUTPRE)g_dsp_status.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_dsp_status.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dsp_status.c mechglue.h \ + mglueP.h g_dup_name.so g_dup_name.po $(OUTPRE)g_dup_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_dup_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dup_name.c mechglue.h \ + mglueP.h g_exp_sec_context.so g_exp_sec_context.po $(OUTPRE)g_exp_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_exp_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_exp_sec_context.c \ + mechglue.h mglueP.h g_export_name.so g_export_name.po $(OUTPRE)g_export_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_export_name.c mechglue.h mglueP.h -g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_export_name.c mechglue.h \ + mglueP.h +g_export_name_object.so g_export_name_object.po $(OUTPRE)g_export_name_object.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_export_name_object.c \ + mechglue.h mglueP.h +g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_glue.c mechglue.h \ mglueP.h g_imp_name.so g_imp_name.po $(OUTPRE)g_imp_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_imp_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_name.c mechglue.h \ + mglueP.h +g_imp_name_object.so g_imp_name_object.po $(OUTPRE)g_imp_name_object.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_name_object.c \ + mechglue.h mglueP.h g_imp_sec_context.so g_imp_sec_context.po $(OUTPRE)g_imp_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_imp_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_sec_context.c \ + mechglue.h mglueP.h g_init_sec_context.so g_init_sec_context.po $(OUTPRE)g_init_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_init_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_init_sec_context.c \ + mechglue.h mglueP.h g_initialize.so g_initialize.po $(OUTPRE)g_initialize.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h \ - g_initialize.c mechglue.h mglueP.h + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../krb5/gssapiP_krb5.h $(srcdir)/../spnego/gssapiP_spnego.h \ + ../generic/gssapi_err_generic.h ../krb5/gssapi_err_krb5.h \ + ../krb5/gssapi_krb5.h g_initialize.c mechglue.h mglueP.h g_inq_context.so g_inq_context.po $(OUTPRE)g_inq_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_inq_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_context.c mechglue.h \ + mglueP.h +g_inq_context_oid.so g_inq_context_oid.po $(OUTPRE)g_inq_context_oid.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_context_oid.c \ + mechglue.h mglueP.h g_inq_cred.so g_inq_cred.po $(OUTPRE)g_inq_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_inq_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_cred.c mechglue.h \ + mglueP.h +g_inq_cred_oid.so g_inq_cred_oid.po $(OUTPRE)g_inq_cred_oid.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_cred_oid.c mechglue.h \ + mglueP.h g_inq_names.so g_inq_names.po $(OUTPRE)g_inq_names.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_inq_names.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_names.c mechglue.h \ + mglueP.h +g_mech_invoke.so g_mech_invoke.po $(OUTPRE)g_mech_invoke.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_mech_invoke.c mechglue.h \ + mglueP.h g_mechname.so g_mechname.po $(OUTPRE)g_mechname.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_mechname.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_mechname.c mechglue.h \ + mglueP.h g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_oid_ops.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_oid_ops.c mechglue.h \ + mglueP.h g_process_context.so g_process_context.po $(OUTPRE)g_process_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_process_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_process_context.c \ + mechglue.h mglueP.h g_rel_buffer.so g_rel_buffer.po $(OUTPRE)g_rel_buffer.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_buffer.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_buffer.c mechglue.h \ + mglueP.h g_rel_cred.so g_rel_cred.po $(OUTPRE)g_rel_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_cred.c mechglue.h \ + mglueP.h g_rel_name.so g_rel_name.po $(OUTPRE)g_rel_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_name.c mechglue.h \ + mglueP.h g_rel_oid_set.so g_rel_oid_set.po $(OUTPRE)g_rel_oid_set.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_oid_set.c mechglue.h \ + mglueP.h +g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_oid_set.c mechglue.h mglueP.h -g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_seal.c mechglue.h \ + mglueP.h +g_set_context_option.so g_set_context_option.po $(OUTPRE)g_set_context_option.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_seal.c mechglue.h mglueP.h -g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_set_context_option.c \ + mechglue.h mglueP.h +g_set_cred_option.so g_set_cred_option.po $(OUTPRE)g_set_cred_option.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_sign.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_set_cred_option.c \ + mechglue.h mglueP.h +g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_sign.c mechglue.h \ + mglueP.h g_store_cred.so g_store_cred.po $(OUTPRE)g_store_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_store_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_store_cred.c mechglue.h \ + mglueP.h g_unseal.so g_unseal.po $(OUTPRE)g_unseal.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_unseal.c mechglue.h \ mglueP.h g_unwrap_aead.so g_unwrap_aead.po $(OUTPRE)g_unwrap_aead.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_unwrap_aead.c mechglue.h \ mglueP.h g_unwrap_iov.so g_unwrap_iov.po $(OUTPRE)g_unwrap_iov.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_unwrap_iov.c mechglue.h \ mglueP.h g_verify.so g_verify.po $(OUTPRE)g_verify.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_verify.c mechglue.h \ mglueP.h g_wrap_aead.so g_wrap_aead.po $(OUTPRE)g_wrap_aead.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_wrap_aead.c mechglue.h \ mglueP.h g_wrap_iov.so g_wrap_iov.po $(OUTPRE)g_wrap_iov.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_wrap_iov.c mechglue.h \ mglueP.h -oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - mechglue.h mglueP.h oid_ops.c Modified: branches/mskrb-integ/src/lib/gssapi/spnego/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/gssapi/spnego/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/gssapi/spnego/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -31,14 +31,15 @@ # spnego_mech.so spnego_mech.po $(OUTPRE)spnego_mech.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \ - $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \ - gssapiP_spnego.h spnego_mech.c + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ + ../generic/gssapi_err_generic.h gssapiP_spnego.h spnego_mech.c Modified: branches/mskrb-integ/src/lib/kadm5/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/kadm5/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/kadm5/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -110,17 +110,15 @@ chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \ $(COM_ERR_DEPS) chpass_util_strings.c ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h ovsec_glue.c + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h ovsec_glue.c misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ @@ -130,8 +128,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h admin_internal.h misc_free.c \ server_internal.h kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ @@ -145,8 +142,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h kadm_rpc_xdr.c chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ @@ -157,8 +153,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h admin_internal.h chpass_util.c alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ Modified: branches/mskrb-integ/src/lib/kadm5/clnt/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/kadm5/clnt/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/kadm5/clnt/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -81,21 +81,8 @@ # the Makefile.in file # clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h client_internal.h clnt_policy.c -client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ @@ -103,65 +90,72 @@ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_rpc.c -client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ + clnt_policy.c +client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h client_internal.h client_principal.c -client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h client_rpc.c +client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h client_init.c client_internal.h -clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ + client_principal.c +client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h client_internal.h clnt_privs.c -clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h client_init.c client_internal.h +clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ - clnt_chpass_util.c + clnt_privs.c +clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h client_internal.h clnt_chpass_util.c Modified: branches/mskrb-integ/src/lib/kadm5/srv/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/kadm5/srv/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/kadm5/srv/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -107,8 +107,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h svr_policy.c svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ @@ -120,8 +119,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h svr_principal.c server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ @@ -183,11 +181,12 @@ $(SRCTOP)/include/socket-utils.h server_misc.c server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ @@ -203,8 +202,8 @@ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/../../gssapi/generic/gssapiP_generic.h \ - $(srcdir)/../../gssapi/generic/gssapi_generic.h $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h \ - server_init.c + $(srcdir)/../../gssapi/generic/gssapi_ext.h $(srcdir)/../../gssapi/generic/gssapi_generic.h \ + $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h server_init.c server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ @@ -228,8 +227,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h svr_iters.c svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ @@ -241,8 +239,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h svr_chpass_util.c adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -255,5 +252,4 @@ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h adb_xdr.c Modified: branches/mskrb-integ/src/lib/kadm5/unit-test/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/kadm5/unit-test/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/kadm5/unit-test/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -146,52 +146,48 @@ # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -$(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h init-test.c -$(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/client_internal.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h destroy-test.c -$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/client_internal.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h handle-test.c -$(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h iter-test.c +$(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h init-test.c +$(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h destroy-test.c +$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h handle-test.c +$(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h iter-test.c $(OUTPRE)setkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ @@ -209,25 +205,23 @@ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h setkey-test.c -$(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h randkey-test.c -$(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h lock-test.c +$(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h randkey-test.c +$(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h lock-test.c Modified: branches/mskrb-integ/src/lib/kdb/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/kdb/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/kdb/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -83,10 +83,11 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - adb_err.h kdb5.c kdb5.h kdb5int.h + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h adb_err.h kdb5.c kdb5.h \ + kdb5int.h encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -169,10 +170,10 @@ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kdb5.h kdb5int.h kdb_log.c + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb5.h kdb5int.h kdb_log.c keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ Modified: branches/mskrb-integ/src/lib/krb5/krb/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/krb5/krb/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/krb5/krb/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -712,7 +712,7 @@ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h get_creds.c + $(SRCTOP)/include/socket-utils.h get_creds.c int-proto.h get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -885,6 +885,16 @@ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ auth_con.h cleanup.h mk_safe.c +pac.so pac.po $(OUTPRE)pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-utf8.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h pac.c parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ @@ -932,6 +942,7 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-unicode.h $(SRCTOP)/include/k5-utf8.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h princ_comp.c Modified: branches/mskrb-integ/src/lib/krb5/unicode/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/krb5/unicode/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/krb5/unicode/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -67,3 +67,19 @@ depend:: .links @libobj_frag@ +# +++ Dependency line eater +++ +# +# Makefile dependencies follow. This must be the last section in +# the Makefile.in file +# +ucstr.so ucstr.po $(OUTPRE)ucstr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-unicode.h \ + $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ucstr.c Modified: branches/mskrb-integ/src/lib/rpc/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/rpc/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/rpc/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -274,15 +274,16 @@ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ $(SRCTOP)/include/gssrpc/xdr.h auth_gss.c auth_gssapi.so auth_gssapi.po $(OUTPRE)auth_gssapi.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/krb5.h auth_gssapi.c gssrpcint.h + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \ + auth_gssapi.c gssrpcint.h auth_gssapi_misc.so auth_gssapi_misc.po $(OUTPRE)auth_gssapi_misc.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ Modified: branches/mskrb-integ/src/lib/rpc/unit-test/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/rpc/unit-test/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/lib/rpc/unit-test/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -104,4 +104,5 @@ $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h server.c + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h rpc_test.h server.c Modified: branches/mskrb-integ/src/plugins/kdb/db2/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/kdb/db2/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/kdb/db2/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -125,8 +125,7 @@ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \ $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h adb_policy.c policy_db.h kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ @@ -137,7 +136,8 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_db2.c kdb_db2.h kdb_xdr.h policy_db.h @@ -149,8 +149,7 @@ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/krb5.h pol_xdr.c policy_db.h db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ @@ -161,7 +160,8 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ db2_exp.c kdb_db2.h kdb_xdr.h policy_db.h Modified: branches/mskrb-integ/src/plugins/kdb/db2/libdb2/btree/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/kdb/db2/libdb2/btree/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/kdb/db2/libdb2/btree/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -21,68 +21,75 @@ # the Makefile.in file # bt_close.so bt_close.po $(OUTPRE)bt_close.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_close.c btree.h extern.h -bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_conv.c btree.h extern.h -bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + bt_close.c btree.h extern.h +bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_debug.c btree.h extern.h -bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_delete.c btree.h extern.h -bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../mpool/mpool.h bt_conv.c btree.h extern.h +bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_get.c btree.h extern.h -bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + bt_debug.c btree.h extern.h +bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_open.c btree.h extern.h -bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + bt_delete.c btree.h extern.h +bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_overflow.c btree.h extern.h -bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../mpool/mpool.h bt_get.c btree.h extern.h +bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_open.c btree.h extern.h +bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_page.c btree.h extern.h + bt_overflow.c btree.h extern.h +bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_page.c btree.h extern.h bt_put.so bt_put.po $(OUTPRE)bt_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_put.c btree.h extern.h +bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_put.c btree.h extern.h -bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + bt_search.c btree.h extern.h +bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_search.c btree.h extern.h -bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../mpool/mpool.h bt_seq.c btree.h extern.h +bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_seq.c btree.h extern.h -bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_split.c btree.h extern.h + bt_split.c btree.h extern.h bt_utils.so bt_utils.po $(OUTPRE)bt_utils.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_utils.c btree.h extern.h + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_utils.c btree.h extern.h Modified: branches/mskrb-integ/src/plugins/kdb/db2/libdb2/db/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/kdb/db2/libdb2/db/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/kdb/db2/libdb2/db/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -18,6 +18,6 @@ # the Makefile.in file # db.so db.po $(OUTPRE)db.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ - db.c + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db.h db.c Modified: branches/mskrb-integ/src/plugins/kdb/db2/libdb2/hash/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/kdb/db2/libdb2/hash/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/kdb/db2/libdb2/hash/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -20,43 +20,44 @@ # the Makefile.in file # hash.so hash.po $(OUTPRE)hash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.c hash.h page.h +hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h hash.c hash.h page.h -hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_bigkey.c \ - page.h + extern.h hash.h hash_bigkey.c page.h hash_debug.so hash_debug.po $(OUTPRE)hash_debug.$(OBJEXT): \ hash_debug.c hash_func.so hash_func.po $(OUTPRE)hash_func.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_func.c \ - page.h + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h hash.h hash_func.c page.h hash_log2.so hash_log2.po $(OUTPRE)hash_log2.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_log2.c \ - page.h + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h hash.h hash_log2.c page.h hash_page.so hash_page.po $(OUTPRE)hash_page.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h hash.h hash_page.c page.h +hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_page.c \ - page.h -hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ - hsearch.c search.h + $(srcdir)/../include/db.h hsearch.c search.h dbm.so dbm.po $(OUTPRE)dbm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-ndbm.h $(BUILDTOP)/include/db.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-dbm.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h dbm.c hash.h + $(BUILDTOP)/include/db-config.h $(BUILDTOP)/include/db-ndbm.h \ + $(BUILDTOP)/include/db.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-dbm.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + dbm.c hash.h Modified: branches/mskrb-integ/src/plugins/kdb/db2/libdb2/mpool/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/kdb/db2/libdb2/mpool/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/kdb/db2/libdb2/mpool/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -18,6 +18,7 @@ # the Makefile.in file # mpool.so mpool.po $(OUTPRE)mpool.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h mpool.c mpool.h + $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + mpool.c mpool.h Modified: branches/mskrb-integ/src/plugins/kdb/db2/libdb2/recno/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/kdb/db2/libdb2/recno/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/kdb/db2/libdb2/recno/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -20,50 +20,55 @@ # the Makefile.in file # rec_close.so rec_close.po $(OUTPRE)rec_close.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_close.c recno.h + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h rec_close.c recno.h rec_delete.so rec_delete.po $(OUTPRE)rec_delete.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h rec_delete.c recno.h +rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_delete.c recno.h -rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_get.c recno.h +rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_get.c recno.h -rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + extern.h rec_open.c recno.h +rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_open.c recno.h -rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_put.c recno.h +rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_put.c recno.h -rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + extern.h rec_search.c recno.h +rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_search.c recno.h -rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_seq.c recno.h +rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_seq.c recno.h -rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_utils.c recno.h + extern.h rec_utils.c recno.h Modified: branches/mskrb-integ/src/plugins/preauth/pkinit/Makefile.in =================================================================== --- branches/mskrb-integ/src/plugins/preauth/pkinit/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/plugins/preauth/pkinit/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -64,7 +64,8 @@ pkinit_accessor.so pkinit_accessor.po $(OUTPRE)pkinit_accessor.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ @@ -74,36 +75,43 @@ pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_srv.c + pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ + pkinit_srv.c pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_lib.c + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_lib.c pkinit_clnt.so pkinit_clnt.po $(OUTPRE)pkinit_clnt.$(OBJEXT): \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_clnt.c pkinit_crypto.h + pkcs11.h pkinit.h pkinit_accessor.h pkinit_clnt.c pkinit_crypto.h pkinit_profile.so pkinit_profile.po $(OUTPRE)pkinit_profile.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h pkinit.h pkinit_accessor.h \ - pkinit_crypto.h pkinit_profile.c + $(SRCTOP)/include/socket-utils.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_profile.c pkinit_identity.so pkinit_identity.po $(OUTPRE)pkinit_identity.$(OBJEXT): \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_identity.c + pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ + pkinit_identity.c pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h pkinit.h pkinit_accessor.h \ - pkinit_crypto.h pkinit_matching.c + $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_matching.c pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_crypto_openssl.c \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_crypto_openssl.c \ pkinit_crypto_openssl.h Modified: branches/mskrb-integ/src/util/ss/Makefile.in =================================================================== --- branches/mskrb-integ/src/util/ss/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/util/ss/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -233,7 +233,7 @@ utils.c options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \ $(COM_ERR_DEPS) copyright.h options.c ss.h -cmd_tbl.lex.o: cmd_tbl.lex.c +cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \ ct.tab.c ss.h ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \ Modified: branches/mskrb-integ/src/util/support/Makefile.in =================================================================== --- branches/mskrb-integ/src/util/support/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) +++ branches/mskrb-integ/src/util/support/Makefile.in 2009-01-03 03:00:58 UTC (rev 21679) @@ -172,6 +172,13 @@ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ cache-addrinfo.h fake-addrinfo.c supp-int.h +utf8.so utf8.po $(OUTPRE)utf8.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-utf8.h supp-int.h utf8.c +utf8_conv.so utf8_conv.po $(OUTPRE)utf8_conv.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-utf8.h \ + supp-int.h utf8_conv.c strlcpy.so strlcpy.po $(OUTPRE)strlcpy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ strlcpy.c From hartmans at MIT.EDU Fri Jan 2 22:00:45 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 2 Jan 2009 22:00:45 -0500 (EST) Subject: svn rev #21678: branches/mskrb-integ/ doc/ doc/old-V4-docs/ src/ src/appl/simple/client/ ... Message-ID: <200901030300.WAA09632@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21678 Commit By: hartmans Log Message: Merge trunk at 21659. Conflicts: src/Makefile.in src/kadmin/server/misc.h src/kdc/do_as_req.c src/kdc/do_tgs_req.c src/kdc/kdc_util.c src/kdc/kdc_util.h src/lib/crypto/Makefile.in src/lib/crypto/des/Makefile.in src/lib/crypto/enc_provider/Makefile.in src/lib/kdb/kdb5.c src/lib/krb5/krb/chk_trans.c src/lib/krb5/krb/walk_rtree.c Changed Files: U branches/mskrb-integ/README U branches/mskrb-integ/doc/Makefile U branches/mskrb-integ/doc/admin.texinfo U branches/mskrb-integ/doc/definitions.texinfo U branches/mskrb-integ/doc/dnssrv.texinfo U branches/mskrb-integ/doc/install.texinfo D branches/mskrb-integ/doc/krb4-xrealm.txt D branches/mskrb-integ/doc/krb425.texinfo D branches/mskrb-integ/doc/old-V4-docs/README D branches/mskrb-integ/doc/old-V4-docs/installation.PS D branches/mskrb-integ/doc/old-V4-docs/installation.mss D branches/mskrb-integ/doc/old-V4-docs/operation.PS D branches/mskrb-integ/doc/old-V4-docs/operation.mss U branches/mskrb-integ/src/Makefile.in U branches/mskrb-integ/src/aclocal.m4 U branches/mskrb-integ/src/appl/simple/client/sim_client.c U branches/mskrb-integ/src/config/pre.in U branches/mskrb-integ/src/config-files/krb5.conf.M U branches/mskrb-integ/src/configure.in U branches/mskrb-integ/src/include/Makefile.in D branches/mskrb-integ/src/include/kerberosIV/Makefile.in D branches/mskrb-integ/src/include/kerberosIV/addr_comp.h D branches/mskrb-integ/src/include/kerberosIV/admin_server.h D branches/mskrb-integ/src/include/kerberosIV/des.h D branches/mskrb-integ/src/include/kerberosIV/kadm.h D branches/mskrb-integ/src/include/kerberosIV/kdc.h D branches/mskrb-integ/src/include/kerberosIV/klog.h D branches/mskrb-integ/src/include/kerberosIV/kparse.h D branches/mskrb-integ/src/include/kerberosIV/krb.h D branches/mskrb-integ/src/include/kerberosIV/krb_db.h D branches/mskrb-integ/src/include/kerberosIV/krbports.h D branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h D branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h D branches/mskrb-integ/src/include/kerberosIV/prot.h U branches/mskrb-integ/src/kadmin/cli/kadmin.c U branches/mskrb-integ/src/kadmin/dbutil/Makefile.in U branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c U branches/mskrb-integ/src/kadmin/server/ipropd_svc.c U branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c U branches/mskrb-integ/src/kadmin/server/misc.h U branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c U branches/mskrb-integ/src/kdc/do_as_req.c U branches/mskrb-integ/src/kdc/do_tgs_req.c U branches/mskrb-integ/src/kdc/kdc_util.c U branches/mskrb-integ/src/kdc/kdc_util.h U branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m U branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m U branches/mskrb-integ/src/krb5-config.M U branches/mskrb-integ/src/krb5-config.in D branches/mskrb-integ/src/krb524/Makefile.in D branches/mskrb-integ/src/krb524/README D branches/mskrb-integ/src/krb524/cnv_tkt_skey.c D branches/mskrb-integ/src/krb524/k524init.M D branches/mskrb-integ/src/krb524/k524init.c D branches/mskrb-integ/src/krb524/krb524.c D branches/mskrb-integ/src/krb524/krb524.def D branches/mskrb-integ/src/krb524/krb524_prot D branches/mskrb-integ/src/krb524/krb524d.M D branches/mskrb-integ/src/krb524/krb524d.c D branches/mskrb-integ/src/krb524/krb524d.h D branches/mskrb-integ/src/krb524/libinit.c D branches/mskrb-integ/src/krb524/test.c U branches/mskrb-integ/src/lib/Makefile.in U branches/mskrb-integ/src/lib/crypto/des/des_int.h U branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in U branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c U branches/mskrb-integ/src/lib/crypto/old/Makefile.in D branches/mskrb-integ/src/lib/des425/ISSUES D branches/mskrb-integ/src/lib/des425/Makefile.in D branches/mskrb-integ/src/lib/des425/cksum.c D branches/mskrb-integ/src/lib/des425/des.c D branches/mskrb-integ/src/lib/des425/enc_dec.c D branches/mskrb-integ/src/lib/des425/key_parity.c D branches/mskrb-integ/src/lib/des425/key_sched.c D branches/mskrb-integ/src/lib/des425/libdes425.exports D branches/mskrb-integ/src/lib/des425/mac_des_glue.c D branches/mskrb-integ/src/lib/des425/new_rnd_key.c D branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c D branches/mskrb-integ/src/lib/des425/quad_cksum.c D branches/mskrb-integ/src/lib/des425/random_key.c D branches/mskrb-integ/src/lib/des425/read_passwd.c D branches/mskrb-integ/src/lib/des425/str_to_key.c D branches/mskrb-integ/src/lib/des425/string2key.c D branches/mskrb-integ/src/lib/des425/t_pcbc.c D branches/mskrb-integ/src/lib/des425/t_quad.c D branches/mskrb-integ/src/lib/des425/unix_time.c D branches/mskrb-integ/src/lib/des425/util.c D branches/mskrb-integ/src/lib/des425/verify.c D branches/mskrb-integ/src/lib/des425/weak_key.c U branches/mskrb-integ/src/lib/kadm5/admin.h U branches/mskrb-integ/src/lib/kadm5/alt_prof.c U branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c U branches/mskrb-integ/src/lib/kadm5/logger.c U branches/mskrb-integ/src/lib/kdb/Makefile.in U branches/mskrb-integ/src/lib/kdb/kdb5.c A branches/mskrb-integ/src/lib/kdb/kdb5int.h U branches/mskrb-integ/src/lib/kdb/kdb_log.c D branches/mskrb-integ/src/lib/krb4/CCache-glue.c D branches/mskrb-integ/src/lib/krb4/FSp-glue.c D branches/mskrb-integ/src/lib/krb4/Makefile.in D branches/mskrb-integ/src/lib/krb4/Password.c D branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c D branches/mskrb-integ/src/lib/krb4/ad_print.c D branches/mskrb-integ/src/lib/krb4/change_password.c D branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c D branches/mskrb-integ/src/lib/krb4/cr_ciph.c D branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c D branches/mskrb-integ/src/lib/krb4/cr_err_repl.c D branches/mskrb-integ/src/lib/krb4/cr_tkt.c D branches/mskrb-integ/src/lib/krb4/debug.c D branches/mskrb-integ/src/lib/krb4/decomp_tkt.c D branches/mskrb-integ/src/lib/krb4/dest_tkt.c D branches/mskrb-integ/src/lib/krb4/err_txt.c D branches/mskrb-integ/src/lib/krb4/et_errtxt.awk D branches/mskrb-integ/src/lib/krb4/fgetst.c D branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c D branches/mskrb-integ/src/lib/krb4/g_cnffile.c D branches/mskrb-integ/src/lib/krb4/g_cred.c D branches/mskrb-integ/src/lib/krb4/g_in_tkt.c D branches/mskrb-integ/src/lib/krb4/g_phost.c D branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c D branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c D branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c D branches/mskrb-integ/src/lib/krb4/g_tf_fname.c D branches/mskrb-integ/src/lib/krb4/g_tf_realm.c D branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c D branches/mskrb-integ/src/lib/krb4/gethostname.c D branches/mskrb-integ/src/lib/krb4/getst.c D branches/mskrb-integ/src/lib/krb4/in_tkt.c D branches/mskrb-integ/src/lib/krb4/kadm_err.et D branches/mskrb-integ/src/lib/krb4/kadm_net.c D branches/mskrb-integ/src/lib/krb4/kadm_stream.c D branches/mskrb-integ/src/lib/krb4/klog.c D branches/mskrb-integ/src/lib/krb4/kname_parse.c D branches/mskrb-integ/src/lib/krb4/kntoln.c D branches/mskrb-integ/src/lib/krb4/krb4int.h D branches/mskrb-integ/src/lib/krb4/krb_err.et D branches/mskrb-integ/src/lib/krb4/kuserok.c D branches/mskrb-integ/src/lib/krb4/libkrb4.exports D branches/mskrb-integ/src/lib/krb4/lifetime.c D branches/mskrb-integ/src/lib/krb4/log.c D branches/mskrb-integ/src/lib/krb4/mac_glue.c D branches/mskrb-integ/src/lib/krb4/mac_store.c D branches/mskrb-integ/src/lib/krb4/mac_store.h D branches/mskrb-integ/src/lib/krb4/mac_stubs.c D branches/mskrb-integ/src/lib/krb4/mac_time.c D branches/mskrb-integ/src/lib/krb4/memcache.c D branches/mskrb-integ/src/lib/krb4/memcache.h D branches/mskrb-integ/src/lib/krb4/mk_auth.c D branches/mskrb-integ/src/lib/krb4/mk_err.c D branches/mskrb-integ/src/lib/krb4/mk_preauth.c D branches/mskrb-integ/src/lib/krb4/mk_priv.c D branches/mskrb-integ/src/lib/krb4/mk_req.c D branches/mskrb-integ/src/lib/krb4/mk_safe.c D branches/mskrb-integ/src/lib/krb4/month_sname.c D branches/mskrb-integ/src/lib/krb4/netread.c D branches/mskrb-integ/src/lib/krb4/netwrite.c D branches/mskrb-integ/src/lib/krb4/password_to_key.c D branches/mskrb-integ/src/lib/krb4/pkt_cipher.c D branches/mskrb-integ/src/lib/krb4/pkt_clen.c D branches/mskrb-integ/src/lib/krb4/prot_client.c D branches/mskrb-integ/src/lib/krb4/prot_common.c D branches/mskrb-integ/src/lib/krb4/prot_kdc.c D branches/mskrb-integ/src/lib/krb4/put_svc_key.c D branches/mskrb-integ/src/lib/krb4/rd_err.c D branches/mskrb-integ/src/lib/krb4/rd_preauth.c D branches/mskrb-integ/src/lib/krb4/rd_priv.c D branches/mskrb-integ/src/lib/krb4/rd_req.c D branches/mskrb-integ/src/lib/krb4/rd_safe.c D branches/mskrb-integ/src/lib/krb4/rd_svc_key.c D branches/mskrb-integ/src/lib/krb4/recvauth.c D branches/mskrb-integ/src/lib/krb4/ren-cyg.sh D branches/mskrb-integ/src/lib/krb4/ren-pc.bat D branches/mskrb-integ/src/lib/krb4/ren-pc.sh D branches/mskrb-integ/src/lib/krb4/ren-pl10.sh D branches/mskrb-integ/src/lib/krb4/ren.msg D branches/mskrb-integ/src/lib/krb4/ren2dos.sh D branches/mskrb-integ/src/lib/krb4/ren2long.sh D branches/mskrb-integ/src/lib/krb4/save_creds.c D branches/mskrb-integ/src/lib/krb4/sed-cyg.sh D branches/mskrb-integ/src/lib/krb4/sed-pc.sh D branches/mskrb-integ/src/lib/krb4/sed-pl10.sh D branches/mskrb-integ/src/lib/krb4/send_to_kdc.c D branches/mskrb-integ/src/lib/krb4/sendauth.c D branches/mskrb-integ/src/lib/krb4/setenv.c D branches/mskrb-integ/src/lib/krb4/stime.c D branches/mskrb-integ/src/lib/krb4/strcasecmp.c D branches/mskrb-integ/src/lib/krb4/strnlen.c D branches/mskrb-integ/src/lib/krb4/swab.c D branches/mskrb-integ/src/lib/krb4/tf_shm.c D branches/mskrb-integ/src/lib/krb4/tf_util.c D branches/mskrb-integ/src/lib/krb4/tkt_string.c D branches/mskrb-integ/src/lib/krb4/unix_glue.c D branches/mskrb-integ/src/lib/krb4/unix_time.c D branches/mskrb-integ/src/lib/krb4/vmslink.com D branches/mskrb-integ/src/lib/krb4/vmsswab.c D branches/mskrb-integ/src/lib/krb4/win_glue.c D branches/mskrb-integ/src/lib/krb4/win_store.c D branches/mskrb-integ/src/lib/krb4/win_time.c U branches/mskrb-integ/src/lib/krb5/ccache/ccdefault.c U branches/mskrb-integ/src/lib/krb5/krb/Makefile.in U branches/mskrb-integ/src/lib/krb5/krb/chk_trans.c U branches/mskrb-integ/src/lib/krb5/krb/t_kerb.c U branches/mskrb-integ/src/lib/krb5/krb/walk_rtree.c U branches/mskrb-integ/src/lib/krb5/krb/walktree-tests U branches/mskrb-integ/src/lib/krb5/libkrb5.exports U branches/mskrb-integ/src/lib/krb5/os/hst_realm.c U branches/mskrb-integ/src/lib/krb5/rcache/rc-int.h U branches/mskrb-integ/src/lib/krb5/rcache/rc_base.c U branches/mskrb-integ/src/lib/krb5/rcache/rc_base.h U branches/mskrb-integ/src/lib/krb5/rcache/rc_conv.c U branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.c U branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.h U branches/mskrb-integ/src/lib/krb5/rcache/rc_io.c U branches/mskrb-integ/src/lib/krb5/rcache/rc_io.h U branches/mskrb-integ/src/lib/krb5/rcache/rc_none.c U branches/mskrb-integ/src/lib/krb5/rcache/rcdef.c U branches/mskrb-integ/src/lib/krb5/rcache/rcfns.c U branches/mskrb-integ/src/lib/krb5/rcache/ser_rc.c U branches/mskrb-integ/src/lib/rpc/Makefile.in U branches/mskrb-integ/src/lib/rpc/auth_gssapi.c U branches/mskrb-integ/src/lib/rpc/auth_gssapi_misc.c U branches/mskrb-integ/src/lib/rpc/clnt_perror.c U branches/mskrb-integ/src/lib/rpc/clnt_simple.c A branches/mskrb-integ/src/lib/rpc/gssrpcint.h U branches/mskrb-integ/src/lib/rpc/svc_auth_gssapi.c U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/Makefile.in U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h U branches/mskrb-integ/src/slave/kpropd.c U branches/mskrb-integ/src/slave/kproplog.c U branches/mskrb-integ/src/tests/asn.1/krb5_decode_test.c U branches/mskrb-integ/src/tests/asn.1/krb5_encode_test.c U branches/mskrb-integ/src/tests/asn.1/ktest.c U branches/mskrb-integ/src/tests/asn.1/ktest.h U branches/mskrb-integ/src/tests/dejagnu/Makefile.in U branches/mskrb-integ/src/tests/dejagnu/config/default.exp U branches/mskrb-integ/src/tests/dejagnu/krb-root/telnet.exp U branches/mskrb-integ/src/tests/dejagnu/krb-standalone/standalone.exp D branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4gssftp.exp D branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4krb524d.exp D branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4standalone.exp U branches/mskrb-integ/src/util/depfix.pl U branches/mskrb-integ/src/util/ss/Makefile.in Modified: branches/mskrb-integ/README =================================================================== --- branches/mskrb-integ/README 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/README 2009-01-03 03:00:25 UTC (rev 21678) @@ -425,6 +425,10 @@ slave/kpropd_rpc.c slave/kproplog.c +and marked portions of the following files: + + lib/krb5/os/hst_realm.c + are subject to the following license: Copyright (c) 2004 Sun Microsystems, Inc. Modified: branches/mskrb-integ/doc/Makefile =================================================================== --- branches/mskrb-integ/doc/Makefile 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/Makefile 2009-01-03 03:00:25 UTC (rev 21678) @@ -26,11 +26,8 @@ USER_GUIDE_INCLUDES=definitions.texinfo copyright.texinfo glossary.texinfo USER_GUIDE_DEPS=user-guide.texinfo $(USER_GUIDE_INCLUDES) -KRB425_INCLUDES=definitions.texinfo copyright.texinfo -KRB425_DEPS=krb425.texinfo $(KRB425_INCLUDES) - .PHONY: all -all:: admin-guide-full install-guide-full user-guide-full krb425-guide-full clean-temp-ps clean-tex +all:: admin-guide-full install-guide-full user-guide-full clean-temp-ps clean-tex .PHONY: admin-guide-full admin-guide-full:: admin-guide admin-guide-info admin-guide-html @@ -118,28 +115,6 @@ $(MANTXT) $(SRCDIR)/kadmin/passwd/kpasswd.M | $(MANHTML) > kpasswd.html $(HTML) user-guide.texinfo -.PHONY: krb425-guide-full -krb425-guide-full:: krb425-guide krb425-guide-info krb425-guide-html - -.PHONY: krb425-guide -krb425-guide:: krb425-guide.ps - -krb425-guide.ps: $(KRB425_DEPS) - $(DVI) krb425.texinfo - $(DVIPS) krb425 - -.PHONY: krb425-guide-html -krb425-guide-html:: krb425.html - -krb425.html:: $(KRB425_DEPS) - $(HTML) krb425.texinfo - -.PHONY: krb425-guide-info -krb425-guide-info:: krb425.info - -krb425.info: $(KRB425_DEPS) - $(INFO) krb425.texinfo - .PHONY: implementor.ps implementor.pdf implementor.info implementor.pdf: implementor.ps $(PSPDF) implementor.ps Modified: branches/mskrb-integ/doc/admin.texinfo =================================================================== --- branches/mskrb-integ/doc/admin.texinfo 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/admin.texinfo 2009-01-03 03:00:25 UTC (rev 21678) @@ -502,18 +502,6 @@ code. @end ignore - at itemx krb4_srvtab -Specifies the location of the Kerberos V4 srvtab file. Default is - at value{DefaultKrb4Srvtab}. - - at itemx krb4_config -Specifies the location of hte Kerberos V4 configuration file. Default -is @value{DefaultKrb4Config}. - - at itemx krb4_realms -Specifies the location of the Kerberos V4 domain/realm translation -file. Default is @value{DefaultKrb4Realms}. - @itemx dns_lookup_kdc Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the information for @@ -637,33 +625,7 @@ that application's man pages. The application defaults specified here are overridden by those specified in the [realms] section. -A special application name (afs_krb5) is used by the krb524 service to -know whether new format AFS tokens based on Kerberos 5 can be used -rather than the older format which used a converted Kerberos 4 ticket. -The new format allows for cross-realm authentication without -introducing a security hole. It is used by default. Older AFS -servers (before OpenAFS 1.2.8) will not support the new format. If -servers in your cell do not support the new format, you will need to -add an @code{afs_krb5} relation to the @code{appdefaults} section. -The following config file shows how to disable new format AFS tickets -for the @code{afs.example.com} cell in the @code{EXAMPLE.COM} realm. - at smallexample - at group -[appdefaults] - afs_krb5 = @{ - EXAMPLE.COM = @{ - afs/afs.example.com = false - @} - @} - - at end group - at end smallexample - - - - - @node login, realms (krb5.conf), appdefaults, krb5.conf @subsection [login] @@ -675,20 +637,6 @@ Indicate whether or not to use a user's password to get V5 tickets. The default value is @value{DefaultKrb5GetTickets}. - at itemx krb4_get_tickets -Indicate whether or not to user a user's password to get V4 tickets. -The default value is @value{DefaultKrb4GetTickets}. - - at itemx krb4_convert -Indicate whether or not to use the Kerberos conversion daemon to get V4 -tickets. The default value is @value{DefaultKrb4Convert}. If this is -set to false and krb4_get_tickets is true, then login will get the V5 -tickets directly using the Kerberos V4 protocol directly. This does -not currently work with non-MIT-V4 salt types (such as the AFS3 salt -type). Note that if this is set to true and krb524d is not running, -login will hang for approximately a minute under Solaris, due to a -Solaris socket emulation bug. - @itemx krb_run_aklog Indicate whether or not to run aklog. The default value is @value{DefaultKrbRunAklog}. @@ -1493,14 +1441,8 @@ current implementation has little protection against denial-of-service attacks), the standard port number assigned for Kerberos TCP traffic is port 88. +- at end table - at itemx v4_mode -This string specifies how the KDC should respond to Kerberos 4 -packets. The possible values are none, disable, full, and nopreauth. -The default value is @value{DefaultV4Mode}. - at comment these values found in krb5/src/kdc/kerberos_v4.c in v4mode_table - at end table - @node realms (kdc.conf), pkinit kdc options, kdcdefaults, kdc.conf @subsection [realms] @@ -4353,7 +4295,6 @@ krb5_prop @value{DefaultKrbPropPort}/tcp # Kerberos slave propagation @c kpop 1109/tcp # Pop with Kerberos eklogin @value{DefaultEkloginPort}/tcp # Kerberos auth. & encrypted rlogin -krb524 @value{DefaultKrb524Port}/tcp # Kerberos 5 to 4 ticket translator @end group @end smallexample Modified: branches/mskrb-integ/doc/definitions.texinfo =================================================================== --- branches/mskrb-integ/doc/definitions.texinfo 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/definitions.texinfo 2009-01-03 03:00:25 UTC (rev 21678) @@ -131,10 +131,6 @@ @end ignore @set DefaultKrb5GetTickets true @comment login_krb5_get_tickets - at set DefaultKrb4GetTickets false - at comment login_krb4_get_tickets - at set DefaultKrb4Convert false - at comment login_krb4_convert @set DefaultKrbRunAklog false @comment login_krb_run_aklog @set DefaultAklogPath $(prefix)/bin/aklog @@ -143,13 +139,6 @@ @comment login_accept_password @ignore -the following defaults should be consistent with the values set in -krb5/src/kdc/kerberos_v4 - at end ignore - at set DefaultV4Mode none - at comment KDC_V4_DEFAULT_MODE - - at ignore these defaults are based on code in krb5/src/aclocal.m4 @end ignore @set DefaultDNSLookupKDC true @@ -175,14 +164,6 @@ @set DefaultFTPPort 21 @set DefaultKrb524Port 4444 - at comment src/include/kerberosIV/krb.h - at set DefaultKrb4Srvtab /etc/srvtab - at comment line 131 - at set DefaultKrb4Config /etc/krb.conf - at comment KRB_CONF - at set DefaultKrb4Realms /etc/krb.realms - at comment KRB_RLM_TRANS - @comment krb5/src/lib/krb5/krb/get_in_tkt.c @set DefaultRenewLifetime 0 @set DefaultNoaddresses set Modified: branches/mskrb-integ/doc/dnssrv.texinfo =================================================================== --- branches/mskrb-integ/doc/dnssrv.texinfo 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/dnssrv.texinfo 2009-01-03 03:00:25 UTC (rev 21678) @@ -59,10 +59,6 @@ This should list port @value{DefaultKpasswdPort} on your master KDC. It is used when a user changes her password. - at item _kerberos-iv._udp -This should refer to your KDCs that serve Kerberos version 4 requests, -if you have Kerberos v4 enabled. - @end table Be aware, however, that the DNS SRV specification requires that the Modified: branches/mskrb-integ/doc/install.texinfo =================================================================== --- branches/mskrb-integ/doc/install.texinfo 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/install.texinfo 2009-01-03 03:00:25 UTC (rev 21678) @@ -206,9 +206,6 @@ @item How frequently you will propagate the database from the master KDC to the slave KDCs. - - at item -Whether you need backward compatibility with Kerberos V4. @end itemize @menu @@ -1184,17 +1181,6 @@ @smallexample @group -# -# Note --- if you are using Kerberos V4 and you either: -# -# (a) haven't converted all your master or slave KDCs to V5, or -# -# (b) are worried about inter-realm interoperability with other KDC's -# that are still using V4 -# -# you will need to switch the "kerberos" service to port 750 and create a -# "kerberos-sec" service on port 88. -# kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC klogin @value{DefaultKloginPort}/tcp # Kerberos authenticated rlogin @@ -1208,13 +1194,6 @@ @end group @end smallexample - at noindent As described in the comments in the above code, if your master -KDC or any of your slave KDCs is running Kerberos V4, (or if you will be -authenticating to any Kerberos V4 KDCs in another realm) you will need -to switch the port number for @code{kerberos} to 750 and create a - at code{kerberos-sec} service (tcp and udp) on port 88, so the Kerberos -V4 KDC(s) will continue to work properly. - @menu * Mac OS X Configuration:: @end menu Deleted: branches/mskrb-integ/doc/krb4-xrealm.txt =================================================================== --- branches/mskrb-integ/doc/krb4-xrealm.txt 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/krb4-xrealm.txt 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,143 +0,0 @@ -The following text was taken from the patchkit disabling cross-realm -authentication and triple-DES in krb4. - -PATCH KIT DESCRIPTION -===================== - -** FLAG DAY REQUIRED ** - -One of the things we decided to do (and must do for security reasons) -was drop support for the 3DES krb4 TGTs. Unfortunately the current -code will only accept 3DES TGTs if it issues 3DES TGTs. Since the new -code issues only DES TGTs, the old code will not understand its v4 -TGTs if the site has a 3DES key available for the krbtgt principal. -The new code will understand and accept both DES and 3DES v4 TGTs. - -So, the easiest upgrade option is to deploy the code on all KDCs at -once, being sure to deploy it on the master KDC last. Under this -scenario, a brief window exists where slaves may be able to issue -tickets that the master will not understand. However, the slaves will -understand tickets issued by the master throughout the upgrade. - -An alternate and more annoying upgrade strategy exists. At least one -max TGT life time before the upgrade, the TGT key can be changed to be -a single-des key. Since we support adding a new TGT key while -preserving the old one, this does not create an interruption in -service. Since no 3DES key is available then both the old and new -code will issue and accept DES v4 TGTs. After the upgrade, the TGT -key can again be rekeyed to add 3DES keys. This does require two TGT -key changes and creates a window where DES is used for the v5 TGT, but -creates no window in which slaves will issue TGTs the master cannot -accept. - -* What the patch does -===================== - -1) Kerberos 4 cross-realm authentication is disabled by default. A - "-X" switch is added to both krb524d and krb5kdc to enable v4 - cross-realm. This switch logs a note that a security hole has been - opened in the KDC log. We said while designing the patch, that we - were going to try to allow per-realm configuration; because of a - design problem in the kadm5 library, we could not do this without - bumping the ABI version of that library. We are unwilling to bump - an ABI version in a security patch release to get that feature, so - the configuration of v4 cross-realm is a global switch. - -2) Code responsible for v5 TGTs has been changed to require that the - enctype of the ticket service key be the same as the enctype that - would currently be issued for that kvno. This means that even if a - service has multiple keys, you cannot use a weak key to fake the - KDC into accepting tickets for that service. If you have a non-DES - TGT key, this separates keys used for v4 and v5. We actually relax - this requirement for cross-realm TGT keys (which in the new code - are only used for v5) because we cannot guarantee other Kerberos - implementations will choose keys the same way. - -3) We no longer issue 3DES v4 tickets either in the KDC or krb524d. - We add code to accept either DES or 3DES tickets for v4. None of - the attacks discovered so far can be implemented given a KDC that - accepts but does not issue 3DES tickets, so we believe that leaving - this functionality in as compatibility for a version or two is - reasonable. Note however that the attacks described do allow - successful attackers to print future tickets, so sites probably - want to rekey important keys after installing this update. Note - also that even if issuance of 3DES v4 tickets has been disabled, - outstanding tickets may be used to perform the 3DES cut-and-paste - attack. - -* Test Cases -============ - -This code is difficult to test for two reasons. First, you need a -cross-realm relationship between two KDCs. Secondly, you need a KDC -that will issue 3DES v4 tickets even though the code with the patch -applied can no longer do this. - -I propose to meet these requirements by setting up a cross-realm 3DES -key between a realm I control and the test environment. In order to -provide concrete examples of what I plan to test with the automated -tests, I assume a shared key between a realm PREPATCH.KRBTEST.COM and the -test realm PATCH. - -In all of the following tests I assume the following configuration. -A principal v4test at PREPATCH.KRBTEST.COM exists with known password and -without requiring preauthentication. The PREPATCH.KRBTEST.COM KDC will -issue v4 tickets for this principal. A principal test at PATCH exists -with known password and without requiring preauthentication. A -principal service at PATCH exists. The TGT for the PATCH realm has a -3des and des key. The shared TGT keys between PATCH and -PREPATCH.KRBTEST.COM are identical in both directions (required for v4) and -support both 3DES and DES keys. - -1) Run krb524d and krb5kdc for PATCH with no special options using a - krb5.conf without permitted_enctypes (fully permissive). - - -A) Get v4 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that kvno -4 -service at PATCH fails with an unknown principal error and logs an error -about cross-realm being denied to the PATCH KDC log. This confirms -that v4 cross-realm is not accepted. - -B) Get v5 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that krb524init --p service at PATCH fails with a prohibited by policy error, but that -klist -5 includes a ticket for service at PATCH. This confirms that v5 -cross-realm works but the krb524d denies converting such a ticket into -a cross-realm ticket. Note that the krb524init currently in the -mainline source tree will not be useful for this test because the -client denies cross-realm for the simple reason that the v4 ticket -file format is not flexible enough to support it. The krb524init in -the 1.2.x release is useful for this test. - - -2) Restart the krb5kdc and krb524d for PATCH with the -X option - enabling v4 cross-realm. - -A) Confirm that the security warning is written to kdc.log. - -B) Get v4 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that kvno -4 -service at PATCH works and leaves a service at PATCH ticket in the cache. -This confirms that v4 cross-realm works in the KDC. It also confirms -that the KDC can accept 3DES v4 TGTs. The code path for decrypting a -TGT is the same for the local realm and for foreign realms, so I don't -see a need to test local 3DES TGTs in an automated manner although I -did test it manually. - -C) Get v5 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that krb524init --p service at PATCH works. This confirms that krb524d will issue -cross-realm tickets. They're completely useless because the v4 ticket -file can't represent them, but that's not our problem today. - -3) Start the kdc and krb524d with a krb5.conf that includes - permitted_enctypes only listing des-cbc-crc. Get tickets as - test at PATCH. Restart the KDC and confirm that kvno service fails - logging an error about permitted enctypes. This confirms that if - you manage to obtain a ticket of the wrong enctype it will not be - accepted later. - -These tests do not check to make sure that 3DES tickets are not -issued by the v4 code. I'm fairly certain that is true as I've -physically remove the calls to the routine that generates 3DES tickets -from the code in both the KDC and krb524d. These tests also do not -check to make sure that cross-realm TGTs are not required to follow -the strict enctype policy. I've tested that manually but don't know -how to test that without significantly complicating the test setup. Deleted: branches/mskrb-integ/doc/krb425.texinfo =================================================================== --- branches/mskrb-integ/doc/krb425.texinfo 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/krb425.texinfo 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,322 +0,0 @@ -\input texinfo @c -*-texinfo-*- - at c Note: the above texinfo file must include the "doubleleftarrow" - at c definitions added by jcb. - at c %**start of header - at c guide - at setfilename krb425.info - at settitle Upgrading to Kerberos V5 from Kerberos V4 - at c @setchapternewpage odd @c chapter begins on next odd page - at c @setchapternewpage on @c chapter begins on next page - at c @smallbook @c Format for 7" X 9.25" paper - at c %**end of header - - at paragraphindent 0 - at iftex - at parskip 6pt plus 6pt - at end iftex - - at dircategory Kerberos - at direntry -* krb425: (krb425). Upgrading to Kerberos V5 from V4 - at end direntry - - at include definitions.texinfo - at set EDITION 1.0 - at set UPDATED May 22, 2003 - - at finalout @c don't print black warning boxes - - at titlepage - at title Upgrading to @value{PRODUCT} from Kerberos V4 - at subtitle Release: @value{RELEASE} - at subtitle Document Edition: @value{EDITION} - at subtitle Last updated: @value{UPDATED} - at author @value{COMPANY} - - at page - at vskip 0pt plus 1filll - - at end titlepage - - at node Top, Copyright, (dir), (dir) - - at ifinfo -This document describes how to convert to @value{PRODUCT} from Kerberos V4. - at end ifinfo - - at menu -* Copyright:: -* Introduction:: -* Configuration Files:: -* Upgrading KDCs:: -* Upgrading Application Servers:: -* Upgrading Client machines:: -* Firewall Considerations:: - at end menu - - at node Copyright, Introduction, Top, Top - at unnumbered Copyright - at include copyright.texinfo - - at node Introduction, Configuration Files, Copyright, Top - at chapter Introduction - -As with most software upgrades, @value{PRODUCT} is generally backward -compatible but not necessarily forward compatible. The @value{PRODUCT} -daemons can interoperate with Kerberos V4 clients, but most of the -Kerberos V4 daemons can not interoperate with Kerberos V5 clients. This -suggests the following strategy for performing the upgrade: - - at enumerate - at item - at strong{Upgrade your KDCs.} This must be done first, so that -interactions with the Kerberos database, whether by Kerberos V5 clients -or by Kerberos V4 clients, will succeed. - - at item - at strong{Upgrade your servers.} This must be done before upgrading -client machines, so that the servers are able to respond to both -Kerberos V5 and Kerberos V4 queries. - - at item - at strong{Upgrade your client machines.} Do this only after your KDCs and -application servers are upgraded, so that all of your Kerberos V5 -clients will be talking to Kerberos V5 daemons. - at end enumerate - - at node Configuration Files, Upgrading KDCs, Introduction, Top - at chapter Configuration Files - -The Kerberos @code{krb5.conf} and KDC @code{kdc.conf} configuration -files allow additional tags for Kerberos V4 compatibility. - - at menu -* krb5.conf:: -* kdc.conf:: - at end menu - - at node krb5.conf, kdc.conf, Configuration Files, Configuration Files - at section krb5.conf - -If you used the defaults, both when you installed Kerberos V4 and when -you installed @value{PRODUCT}, you should not need to include any of -these tags. However, some or all of them may be necessary for -nonstandard installations. - - at menu -* libdefaults:: -* realms (krb5.conf):: -* AFS and the Appdefaults Section:: - at end menu - - at node libdefaults, realms (krb5.conf), krb5.conf, krb5.conf - at subsection [libdefaults] - -In the [libdefaults] section, the following additional tags may be used: - - at table @b - at item krb4_srvtab -Specifies the location of the Kerberos V4 srvtab file. Default is - at value{DefaultKrb4Srvtab}. - - at item krb4_config -Specifies the location of the Kerberos V4 configuration file. Default -is @value{DefaultKrb4Config}. - - at item krb4_realms -Specifies the location of the Kerberos V4 domain/realm translation -file. Default is @value{DefaultKrb4Realms}. - at end table - - at node realms (krb5.conf), AFS and the Appdefaults Section, libdefaults, krb5.conf - at subsection [realms] - -In the [realms] section, the following Kerberos V4 tags may be used: - at table @b - at itemx default_domain -Identifies the default domain for hosts in this realm. This is needed -for translating V4 principal names (which do not contain a domain name) -to V5 principal names. The default is your Kerberos realm name, -converted to lower case. - - at itemx v4_instance_convert -This subsection allows the administrator to configure exceptions to the -default_domain mapping rule. It contains V4 instances (tag name) which -should be translated to some specific hostname (tag value) as the second -component in a Kerberos V5 principal name. - - at itemx v4_realm -This relation allows the administrator to configure a different -realm name to be used when converting V5 principals to V4 -ones. This should only be used when running separate V4 and V5 -realms, with some external means of password sychronization -between the realms. - - at end table - - at node AFS and the Appdefaults Section, , realms (krb5.conf), krb5.conf - at subsection AFS and the Appdefaults Section - -Many Kerberos 4 sites also run the Andrew File System (AFS). - -Modern AFS servers (OpenAFS > 1.2.8) support the AFS 2b token format. -This allows AFS to use Kerberos 5 tickets rather than version 4 -tickets, enabling cross-realm authentication. By default, the - at file{krb524d} service will issue the new AFS 2b tokens. If you are -using old AFS servers, you will need to disable these new tokens. -Please see the documentation of the @code{appdefaults} section of - at file{krb5.conf} in the Kerberos Administration guide. - - - - at node kdc.conf, , krb5.conf, Configuration Files - at section kdc.conf - -Because Kerberos V4 requires a different type of salt for the encryption -type, you will need to change the @code{supported_enctypes} line in the -[realms] section to: - - at smallexample -supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 - at end smallexample - -This is the only change needed to the @code{kdc.conf} file. - - at node Upgrading KDCs, Upgrading Application Servers, Configuration Files, Top - at chapter Upgrading KDCs - -To convert your KDCs from Kerberos V4 to @value{PRODUCT}, do the -following: - - at enumerate - at item -Install @value{PRODUCT} on each KDC, according to the instructions in -the @value{PRODUCT} Installation Guide, up to the point where it tells -you to create the database. - - at item -Find the @code{kadmind} (V4) daemon process on the master KDC and kill -it. This will prevent changes to the Kerberos database while you -convert the database to the new Kerberos V5 format. - - at item -Create a dump of the V4 database in the directory where your V5 database -will reside by issuing the command: - - at smallexample -% kdb_util dump @value{ROOTDIR}/var/krb5kdc/v4-dump - at end smallexample - - at item -Load the V4 dump into a Kerberos V5 database, by issuing the command: - - at smallexample -% kdb5_util load_v4 v4-dump - at end smallexample - - at item -Create a Kerberos V5 stash file, if desired, by issuing the command: - - at smallexample -% kdb5_util stash - at end smallexample - - at item -Proceed with the rest of the @value{PRODUCT} installation as described -in the @value{PRODUCT} Installation Guide. When you get to the section -that tells you to start the @code{krb5kdc} and @code{kadmind} daemons, -first find and kill the Kerberos V4 @code{kerberos} daemon on each of -the KDCs. Then start the @code{krb5kdc} and @code{kadmind} daemons as -You will need to specify an argument to the @code{-4} command line option to enable Kerberos 4 compatibility. -See the @code{krb5kdc} man page for details. -directed. Finally, start the Kerberos V5 to V4 ticket translator -daemon, @code{krb524d}, by issuing the command: - - at smallexample -% @value{ROOTDIR}/sbin/krb524d -m > /dev/null & - at end smallexample - -If you have a stash file and you start the @code{krb5kdc} and - at code{kadmind} daemons at boot time, you should add the above line to -your @code{/etc/rc} (or @code{/etc/rc.local}) file on each KDC. - at end enumerate - - at node Upgrading Application Servers, Upgrading Client machines, Upgrading KDCs, Top - at chapter Upgrading Application Servers - -Install @value{PRODUCT} on each application server, according to the -instructions in the @value{PRODUCT} Installation Guide, with the -following exceptions: - - at itemize @bullet - at item -In the file @code{/etc/services}, add or edit the lines described in the - at value{PRODUCT} Installation Guide, with the following exception: - -in place of: - - at smallexample - at group -kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC -kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC - at end group - at end smallexample - - at noindent -add instead: - - at smallexample - at group -kerberos-sec @value{DefaultPort}/udp kdc # Kerberos V5 KDC -kerberos-sec @value{DefaultPort}/tcp kdc # Kerberos V5 KDC - at end group - at end smallexample - - at item -Convert your Kerberos V4 srvtab file to Kerberos V5 keytab file as -follows: - - at smallexample - at group - at b{#} @value{ROOTDIR}/sbin/ktutil - at b{ktutil:} rst /etc/krb-srvtab - at b{ktutil:} wkt /etc/krb5.keytab - at b{ktutil:} q - at b{#} - at end group - at end smallexample - at end itemize - - at node Upgrading Client machines, Firewall Considerations, Upgrading Application Servers, Top - at chapter Upgrading Client machines - -Install @value{PRODUCT} on each client machine, according to the -instructions in the @value{PRODUCT} Installation Guide. - -Tell your users to add the appropriate directory to their paths. On -UNIX machines, this will probably be @code{@value{BINDIR}}. - -Note that if you upgrade your client machines before all of your -application servers are upgraded, your users will need to use the -Kerberos V4 programs to connect to application servers that are still -running Kerberos V4. (The one exception is the UNIX version of - at value{PRODUCT} telnet, which can connect to a Kerberos V4 and Kerberos -V5 application servers.) Users can use either the Kerberos V4 or - at value{PRODUCT} programs to connect to Kerberos V5 servers. - - at node Firewall Considerations, , Upgrading Client machines, Top - at chapter Firewall Considerations - - at value{PRODUCT} uses port @value{DefaultPort}, which is the port -assigned by the IETF, for KDC requests. Kerberos V4 used port - at value{DefaultSecondPort}. If your users will need to get to any KDCs -outside your firewall, you will need to allow TCP and UDP requests on -port @value{DefaultPort} for your users to get to off-site Kerberos V5 -KDCs, and on port @value{DefaultSecondPort} for your users to get to -off-site Kerberos V4 KDCs. - - at contents - at c second page break makes sure right-left page alignment works right - at c with a one-page toc, even though we don't have setchapternewpage odd. - at c end of texinfo file - at bye Deleted: branches/mskrb-integ/doc/old-V4-docs/README =================================================================== --- branches/mskrb-integ/doc/old-V4-docs/README 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/old-V4-docs/README 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,4 +0,0 @@ -These documentation files are old --- and refer to the Kerberos V4 -implementation. They are included because the equivalent V5 documentation -set have not been written yet, and the concepts contained in these documents -may be helpful. Deleted: branches/mskrb-integ/doc/old-V4-docs/installation.PS =================================================================== --- branches/mskrb-integ/doc/old-V4-docs/installation.PS 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/old-V4-docs/installation.PS 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,2338 +0,0 @@ -%!PS-Adobe-2.0 -%%Title: installation.mss -%%DocumentFonts: (atend) -%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700) -%%CreationDate: 4 January 1990 11:56 -%%Pages: (atend) -%%EndComments -% PostScript Prelude for Scribe. -/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def -/ES {showpage SV restore} bind def -/SC {setrgbcolor} bind def -/FMTX matrix def -/RDF {WFT SLT 0.0 eq - {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore} - {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore} - ifelse makefont setfont} bind def -/SLT 0.0 def -/SI { /SLT exch cvr def RDF} bind def -/WFT /Courier findfont def -/SF { /WFT exch findfont def RDF} bind def -/SSZ 1000.0 def -/SS { /SSZ exch 100.0 mul def RDF} bind def -/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def -/MT /moveto load def -/XM {currentpoint exch pop moveto} bind def -/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto - setlinewidth 0.0 rlineto stroke grestore} bind def -/LH {gsave newpath moveto setlinewidth - 0.0 rlineto - gsave stroke grestore} bind def -/LV {gsave newpath moveto setlinewidth - 0.0 exch rlineto - gsave stroke grestore} bind def -/BX {gsave newpath moveto setlinewidth - exch - dup 0.0 rlineto - exch 0.0 exch neg rlineto - neg 0.0 rlineto - closepath - gsave stroke grestore} bind def -/BX1 {grestore} bind def -/BX2 {setlinewidth 1 setgray stroke grestore} bind def -/PB {/PV save def newpath translate - 100.0 -100.0 scale pop /showpage {} def} bind def -/PE {PV restore} bind def -/GB {/PV save def newpath translate rotate - div dup scale 100.0 -100.0 scale /showpage {} def} bind def -/GE {PV restore} bind def -/FB {dict dup /FontMapDict exch def begin} bind def -/FM {cvn exch cvn exch def} bind def -/FE {end /original-findfont /findfont load def /findfont - {dup FontMapDict exch known{FontMapDict exch get} if - original-findfont} def} bind def -/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def -/EC /grestore load def -/SH /show load def -/MX {exch show 0.0 rmoveto} bind def -/W {0 32 4 -1 roll widthshow} bind def -/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def -/RC {100.0 -100.0 scale -612.0 0.0 translate --90.0 rotate -.01 -.01 scale} bind def -/URC {100.0 -100.0 scale -90.0 rotate --612.0 0.0 translate -.01 -.01 scale} bind def -/RCC {100.0 -100.0 scale -0.0 -792.0 translate 90.0 rotate -.01 -.01 scale} bind def -/URCC {100.0 -100.0 scale --90.0 rotate 0.0 792.0 translate -.01 -.01 scale} bind def -%%EndProlog -%%Page: 0 1 -BS -0 SI -20 /Times-Bold AF -18823 13788 MT -(Kerberos Installation Notes)SH -27156 15798 MT -(DRAFT)SH -16 /Times-Roman AF -27021 23502 MT -(Bill Bryant)SH -25557 25150 MT -(Jennifer Steiner)SH -27289 26798 MT -(John Kohl)SH -23957 30444 MT -(Project Athena, MIT)SH -/Times-Bold SF -19489 36042 MT -(Initial Release, January 24, 1989)SH -/Times-Italic SF -17558 37690 MT -(\050plus later patches through patchlevel 7\051)SH -11 /Times-Roman AF -7200 45644 MT -(The release consists of three parts.)SH -7200 47942 MT -(The first part consists of the core Kerberos system, which was developed at MIT and does not require)SH -7200 49138 MT -(additional licenses for us to distribute. Included in this part are the Kerberos authentication server, the)SH -7200 50334 MT -(Kerberos library, the)SH -/Times-Italic SF -16606 XM -(ndbm)SH -/Times-Roman SF -19325 XM -(database interface library, user programs, administration programs, manual)SH -7200 51530 MT -(pages, some applications which use Kerberos for authentication, and some utilities.)SH -7200 53828 MT -(The second part is the Data Encryption Standard \050DES\051 library, which we are distributing only within the)SH -7200 55024 MT -(United States.)SH -7200 57322 MT -(The third part contains Kerberos modifications to Sun's NFS, which we distribute as ``context diffs'' to)SH -7200 58518 MT -(the Sun NFS source code. Its distribution is controlled to provide an accounting of who has retrieved the)SH -7200 59714 MT -(patches, so that Project Athena can comply with its agreements with Sun regarding distribution of these)SH -7200 60910 MT -(changes.)SH -ES -%%Page: 1 2 -BS -0 SI -16 /Times-Bold AF -7200 8272 MT -(1. Organization) -400 W( of the Source Directory)SH -11 /Times-Roman AF -7200 10467 MT -(The Kerberos building and installation process, as described in this document, builds the binaries and)SH -7200 11663 MT -(executables from the files contained in the Kerberos source tree, and deposits them in a separate object)SH -7200 12859 MT -(tree. This) -275 W( is intended to easily support several different build trees from a single source tree \050this is useful)SH -7200 14055 MT -(if you support several machine architectures\051. We suggest that you copy the Kerberos sources into a)SH -/Times-Italic SF -7200 15251 MT -(/mit/kerberos/src)SH -/Times-Roman SF -14991 XM -(directory, and create as well a)SH -/Times-Italic SF -28396 XM -(/mit/kerberos/obj)SH -/Times-Roman SF -36249 XM -(directory in which to hold the)SH -7200 16447 MT -(executables. In) -275 W( the rest of this document, we'll refer to the Kerberos source and object directories as)SH -7200 17643 MT -([SOURCE_DIR] and [OBJ_DIR], respectively.)SH -7200 19941 MT -(Below is a brief overview of the organization of the complete source directory. More detailed)SH -7200 21137 MT -(descriptions follow.)SH -/Times-Bold SF -7200 23088 MT -(admin)SH -/Times-Roman SF -18200 XM -(utilities for the Kerberos administrator)SH -/Times-Bold SF -7200 24783 MT -(appl)SH -/Times-Roman SF -18200 XM -(applications that use Kerberos)SH -/Times-Bold SF -7200 26478 MT -(appl/bsd)SH -/Times-Roman SF -18200 XM -(Berkeley's rsh/rlogin suite, using Kerberos)SH -/Times-Bold SF -7200 28173 MT -(appl/knetd)SH -/Times-Roman SF -18200 XM -(\050old\051 software for inetd-like multiplexing of a single TCP listening port)SH -/Times-Bold SF -7200 29868 MT -(appl/sample)SH -/Times-Roman SF -18200 XM -(sample application servers and clients)SH -/Times-Bold SF -7200 31563 MT -(appl/tftp)SH -/Times-Roman SF -18200 XM -(Trivial File Transfer Protocol, using Kerberos)SH -/Times-Bold SF -7200 33258 MT -(include)SH -/Times-Roman SF -18200 XM -(include files)SH -/Times-Bold SF -7200 34953 MT -(kadmin)SH -/Times-Roman SF -18200 XM -(remote administrative interface to the Kerberos master database)SH -/Times-Bold SF -7200 36648 MT -(kuser)SH -/Times-Roman SF -18200 XM -(assorted user programs)SH -/Times-Bold SF -7200 38343 MT -(lib)SH -/Times-Roman SF -18200 XM -(libraries for use with/by Kerberos)SH -/Times-Bold SF -7200 40038 MT -(lib/acl)SH -/Times-Roman SF -18200 XM -(Access Control List library)SH -/Times-Bold SF -7200 41733 MT -(lib/des)SH -/Times-Roman SF -18200 XM -(Data Encryption Standard library \050US only\051)SH -/Times-Bold SF -7200 43428 MT -(lib/kadm)SH -/Times-Roman SF -18200 XM -(administrative interface library)SH -/Times-Bold SF -7200 45123 MT -(lib/kdb)SH -/Times-Roman SF -18200 XM -(Kerberos server library interface to)SH -/Times-Italic SF -33925 XM -(ndbm)SH -/Times-Bold SF -7200 46818 MT -(lib/knet)SH -/Times-Roman SF -18200 XM -(\050old\051 library for use with)SH -/Times-Bold SF -29349 XM -(knetd)SH -7200 48513 MT -(lib/krb)SH -/Times-Roman SF -18200 XM -(Kerberos library)SH -/Times-Bold SF -7200 50208 MT -(man)SH -/Times-Roman SF -18200 XM -(manual pages)SH -/Times-Bold SF -7200 51903 MT -(prototypes)SH -/Times-Roman SF -18200 XM -(sample configuration files)SH -/Times-Bold SF -7200 53598 MT -(server)SH -/Times-Roman SF -18200 XM -(the authentication server)SH -/Times-Bold SF -7200 55293 MT -(slave)SH -/Times-Roman SF -18200 XM -(Kerberos slave database propagation software)SH -/Times-Bold SF -7200 56988 MT -(tools)SH -/Times-Roman SF -18200 XM -(shell scripts for maintaining the source tree)SH -/Times-Bold SF -7200 58683 MT -(util)SH -/Times-Roman SF -18200 XM -(utilities)SH -/Times-Bold SF -7200 60378 MT -(util/imake)SH -/Times-Roman SF -18200 XM -(Imakefile-to-Makefile ``compilation'' tool)SH -/Times-Bold SF -7200 62073 MT -(util/ss)SH -/Times-Roman SF -18200 XM -(Sub-system library \050for command line subsystems\051)SH -/Times-Bold SF -7200 63768 MT -(util/et)SH -/Times-Roman SF -18200 XM -(Error-table library \050for independent, unique error codes\051)SH -/Times-Bold SF -7200 65463 MT -(util/makedepend)SH -/Times-Roman SF -18200 XM -(Makefile dependency generator tool)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(1)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 2 3 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(1.1 The)350 W -/Times-BoldItalic SF -12334 XM -(admin)SH -/Times-Bold SF -16340 XM -(Directory)SH -11 /Times-Roman AF -7200 10362 MT -(This directory contains source for the Kerberos master database administration tools.)SH -/Times-Bold SF -7200 12313 MT -(kdb_init)SH -/Times-Roman SF -18200 XM -(This program creates and initializes the Kerberos master database. It prompts)SH -18200 13509 MT -(for a Kerberos realmname, and the Kerberos master password.)SH -/Times-Bold SF -7200 15204 MT -(kstash)SH -/Times-Roman SF -18200 XM -(This program ``stashes'' the master password in the file)SH -/Times-Italic SF -43033 XM -(/.k)SH -/Times-Roman SF -44377 XM -(so that the master)SH -18200 16400 MT -(server machine can restart the Kerberos server automatically after an unattended)SH -18200 17596 MT -(reboot. The) -275 W( hidden password is also available to administrative programs that)SH -18200 18792 MT -(have been set to run automatically.)SH -/Times-Bold SF -7200 20487 MT -(kdb_edit)SH -/Times-Roman SF -18200 XM -(This program is a low-level tool for editing the master database.)SH -/Times-Bold SF -7200 22182 MT -(kdb_destroy)SH -/Times-Roman SF -18200 XM -(This program deletes the master database.)SH -/Times-Bold SF -7200 23877 MT -(kdb_util)SH -/Times-Roman SF -18200 XM -(This program can be used to dump the master database into an ascii file, and can)SH -18200 25073 MT -(also be used to load the ascii file into the master database.)SH -/Times-Bold SF -7200 26768 MT -(ext_srvtab)SH -/Times-Roman SF -18200 XM -(This program extracts information from the master database and creates a host-)SH -18200 27964 MT -(dependent)SH -/Times-Italic SF -22995 XM -(srvtab)SH -/Times-Roman SF -26020 XM -(file. This) -275 W( file contains the Kerberos keys for the host's)SH -18200 29160 MT -(``Kerberized'' services. These services look up their keys in the)SH -/Times-Italic SF -46846 XM -(srvtab)SH -/Times-Roman SF -49871 XM -(file for)SH -18200 30356 MT -(use in the authentication process.)SH -14 /Times-Bold AF -7200 34203 MT -(1.2 The)350 W -/Times-BoldItalic SF -12334 XM -(kuser)SH -/Times-Bold SF -15874 XM -(Directory)SH -11 /Times-Roman AF -7200 36398 MT -(This directory contains the source code for several user-oriented programs.)SH -/Times-Bold SF -7200 38349 MT -(kinit)SH -/Times-Roman SF -18200 XM -(This program prompts users for their usernames and Kerberos passwords, then)SH -18200 39545 MT -(furnishes them with Kerberos ticket-granting tickets.)SH -/Times-Bold SF -7200 41240 MT -(kdestroy)SH -/Times-Roman SF -18200 XM -(This program destroys any active tickets. Users should use)SH -/Times-Italic SF -44563 XM -(kdestroy)SH -/Times-Roman SF -48564 XM -(before they)SH -18200 42436 MT -(log off their workstations.)SH -/Times-Bold SF -7200 44131 MT -(klist)SH -/Times-Roman SF -18200 XM -(This program lists a user's active tickets.)SH -/Times-Bold SF -7200 45826 MT -(ksrvtgt)SH -/Times-Roman SF -18200 XM -(This retrieves a ticket-granting ticket with a life time of five minutes, using a)SH -18200 47022 MT -(server's secret key in lieu of a password. It is primarily for use in shell scripts)SH -18200 48218 MT -(and other batch facilities.)SH -/Times-Bold SF -7200 49913 MT -(ksu)SH -/Times-Roman SF -18200 XM -(Substitute user id, using Kerberos to mediate attempts to change to ``root''.)SH -14 /Times-Bold AF -7200 53760 MT -(1.3 The)350 W -/Times-BoldItalic SF -12334 XM -(appl)SH -/Times-Bold SF -15173 XM -(Directory)SH -11 /Times-Roman AF -7200 55955 MT -(If your site has the appropriate BSD license, your Kerberos release provides certain Unix utilities The)SH -7200 57151 MT -(Berkeley programs that have been modified to use Kerberos authentication are found in the)SH -/Times-Italic SF -47640 XM -(appl/bsd)SH -/Times-Roman SF -7200 58347 MT -(directory. They) -275 W( include)SH -/Times-Italic SF -18043 XM -(login)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -20855 XM -(rlogin)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24095 XM -(rsh)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -27914 XM -(rcp)SH -/Times-Roman SF -(, as well as the associated daemon programs)SH -/Times-Italic SF -49081 XM -(kshd)SH -/Times-Roman SF -51372 XM -(and)SH -/Times-Italic SF -7200 59543 MT -(klogind)SH -/Times-Roman SF -(. The)275 W -/Times-Italic SF -13310 XM -(login)SH -/Times-Roman SF -15847 XM -(program obtains ticket-granting tickets for users upon login; the other utilities provide)SH -7200 60739 MT -(authenticated Unix network services.)SH -7200 63037 MT -(The)SH -/Times-Italic SF -9185 XM -(appl)SH -/Times-Roman SF -11416 XM -(directory also contains samples Kerberos application client and server programs, an)SH -7200 64233 MT -(authenticated)SH -/Times-Italic SF -13339 XM -(tftp)SH -/Times-Roman SF -15082 XM -(program,)SH -/Times-Italic SF -19358 XM -(knetd)SH -/Times-Roman SF -(, an authenticated inet daemon.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(2)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 3 4 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(1.4 The)350 W -/Times-BoldItalic SF -12334 XM -(server)SH -/Times-Bold SF -16185 XM -(Directory)SH -11 /Times-Roman AF -7200 10362 MT -(The)SH -/Times-Italic SF -9185 XM -(server)SH -/Times-Roman SF -12208 XM -(directory contains the Kerberos KDC server, called)SH -/Times-Italic SF -35052 XM -(kerberos)SH -/Times-Roman SF -(. This) -275 W( program manages read-)SH -7200 11558 MT -(only requests made to the master database, distributing tickets and encryption keys to clients requesting)SH -7200 12754 MT -(authentication service.)SH -14 /Times-Bold AF -7200 16601 MT -(1.5 The)350 W -/Times-BoldItalic SF -12334 XM -(kadmin)SH -/Times-Bold SF -17040 XM -(Directory)SH -11 /Times-Roman AF -7200 18796 MT -(The)SH -/Times-Italic SF -9185 XM -(kadmin)SH -/Times-Roman SF -12698 XM -(directory contains the Kerberos administration server and associated client programs. The)SH -7200 19992 MT -(server accepts network requests from the user program)SH -/Times-Italic SF -31570 XM -(kpasswd)SH -/Times-Roman SF -35573 XM -(\050used to change a user's password\051, the)SH -7200 21188 MT -(Kerberos administration program)SH -/Times-Italic SF -22137 XM -(kadmin)SH -/Times-Roman SF -(, and the srvtab utility program)SH -/Times-Italic SF -39276 XM -(ksrvutil)SH -/Times-Roman SF -(. The) -275 W( administration)SH -7200 22384 MT -(server can make modifications to the master database.)SH -14 /Times-Bold AF -7200 26231 MT -(1.6 The)350 W -/Times-BoldItalic SF -12334 XM -(include)SH -/Times-Bold SF -16962 XM -(Directory)SH -11 /Times-Roman AF -7200 28426 MT -(This directory contains the)SH -/Times-Italic SF -19236 XM -(include)SH -/Times-Roman SF -22749 XM -(files needed to build the Kerberos system.)SH -14 /Times-Bold AF -7200 32273 MT -(1.7 The)350 W -/Times-BoldItalic SF -12334 XM -(lib)SH -/Times-Bold SF -14162 XM -(Directory)SH -11 /Times-Roman AF -7200 34468 MT -(The)SH -/Times-Italic SF -9185 XM -(lib)SH -/Times-Roman SF -10622 XM -(directory has six subdirectories:)SH -/Times-Italic SF -25193 XM -(acl)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -27087 XM -(des)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -29103 XM -(kadm)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -32035 XM -(kdb)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -34173 XM -(knet)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -38418 XM -(krb)SH -/Times-Roman SF -(. The)275 W -/Times-Italic SF -42694 XM -(des)SH -/Times-Roman SF -44435 XM -(directory contains)SH -7200 35664 MT -(source for the DES encryption library. The)SH -/Times-Italic SF -26595 XM -(kadm)SH -/Times-Roman SF -29252 XM -(directory contains source for the Kerberos)SH -7200 36860 MT -(administration server utility library. The)SH -/Times-Italic SF -25439 XM -(kdb)SH -/Times-Roman SF -27302 XM -(directory contains source for the Kerberos database routine)SH -7200 38056 MT -(library. The)275 W -/Times-Italic SF -12942 XM -(knet)SH -/Times-Roman SF -15049 XM -(directory contains source for a library used by clients of the)SH -/Times-Italic SF -41530 XM -(knetd)SH -/Times-Roman SF -44187 XM -(server. The)275 W -/Times-Italic SF -49683 XM -(krb)SH -/Times-Roman SF -7200 39252 MT -(directory contains source for the)SH -/Times-Italic SF -21707 XM -(libkrb.a)SH -/Times-Roman SF -25435 XM -(library. This) -275 W( library contains routines that are used by the)SH -7200 40448 MT -(Kerberos server program, and by applications programs that require authentication service.)SH -14 /Times-Bold AF -7200 44295 MT -(1.8 The)350 W -/Times-BoldItalic SF -12334 XM -(man)SH -/Times-Bold SF -15251 XM -(Directory)SH -11 /Times-Roman AF -7200 46490 MT -(This directory contains manual pages for Kerberos programs and library routines.)SH -14 /Times-Bold AF -7200 50337 MT -(1.9 The)350 W -/Times-BoldItalic SF -12334 XM -(prototypes)SH -/Times-Bold SF -18596 XM -(Directory)SH -11 /Times-Roman AF -7200 52532 MT -(This directory contains prototype)SH -/Times-Italic SF -22108 XM -(/etc/services)SH -/Times-Roman SF -27819 XM -(and)SH -/Times-Italic SF -29682 XM -(/etc/krb.conf)SH -/Times-Roman SF -35486 XM -(files. New) -275 W( entries must be added to the)SH -/Times-Italic SF -7200 53728 MT -(/etc/services)SH -/Times-Roman SF -12911 XM -(file for the Kerberos server, and possibly for Kerberized applications \050)SH -/Times-Italic SF -(services.append)SH -/Times-Roman SF -7200 54924 MT -(contains the entries used by the Athena-provided servers & applications, and is suitable for appending to)SH -7200 56120 MT -(your existing)SH -/Times-Italic SF -13250 XM -(/etc/services)SH -/Times-Roman SF -18961 XM -(file.\051. The)275 W -/Times-Italic SF -23878 XM -(/etc/krb.conf)SH -/Times-Roman SF -29682 XM -(file defines the local Kerberos realm for its host and)SH -7200 57316 MT -(lists Kerberos servers for given realms. The)SH -/Times-Italic SF -26961 XM -(/etc/krb.realms)SH -/Times-Roman SF -33865 XM -(file defines exceptions for mapping machine)SH -7200 58512 MT -(names to Kerberos realms.)SH -14 /Times-Bold AF -7200 62359 MT -(1.10 The)350 W -/Times-BoldItalic SF -13034 XM -(tools)SH -/Times-Bold SF -16107 XM -(Directory)SH -11 /Times-Roman AF -7200 64554 MT -(This directory contains a makefile to set up a directory tree for building the software in, and a shell script)SH -7200 65750 MT -(to format code in the style we use.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(3)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 4 5 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(1.11 The)350 W -/Times-BoldItalic SF -13034 XM -(util)SH -/Times-Bold SF -15329 XM -(Directory)SH -11 /Times-Roman AF -7200 10362 MT -(This directory contains several utility programs and libraries. Included are Larry Wall's)SH -/Times-Italic SF -46296 XM -(patch)SH -/Times-Roman SF -49015 XM -(program, a)SH -/Times-Italic SF -7200 11558 MT -(make)SH -/Times-Roman SF -9795 XM -(pre-processor program called)SH -/Times-Italic SF -22956 XM -(imake)SH -/Times-Roman SF -(, and a program for generating Makefile dependencies,)SH -/Times-Italic SF -7200 12754 MT -(makedepend)SH -/Times-Roman SF -(, as well as the Sub-system library and utilities \050)SH -/Times-Italic SF -(ss)SH -/Times-Roman SF -(\051, and the Error table library and utilities)SH -7200 13950 MT -(\050)SH -/Times-Italic SF -(et)SH -/Times-Roman SF -(\051.)SH -16 /Times-Bold AF -7200 18622 MT -(2. Preparing) -400 W( for Installation)SH -11 /Times-Roman AF -7200 20817 MT -(This document assumes that you will build the system on the machine on which you plan to install the)SH -7200 22013 MT -(Kerberos master server and its database. You'll need about 10 megabytes for source and executables.)SH -7200 24311 MT -(By default, there must be a)SH -/Times-Italic SF -19327 XM -(/kerberos)SH -/Times-Roman SF -23756 XM -(directory on the master server machine in which to store the)SH -7200 25507 MT -(Kerberos database files. If the master server machine does not have room on its root partition for these)SH -7200 26703 MT -(files, create a)SH -/Times-Italic SF -13306 XM -(/kerberos)SH -/Times-Roman SF -17735 XM -(symbolic link to another file system.)SH -16 /Times-Bold AF -7200 31375 MT -(3. Preparing) -400 W( for the Build)SH -11 /Times-Roman AF -7200 33570 MT -(Before you build the system, you have to choose a)SH -/Times-Bold SF -29653 XM -(realm name)SH -/Times-Roman SF -(, the name that specifies the system's)SH -7200 34766 MT -(administrative domain. Project Athena uses the internet domain name ATHENA.MIT.EDU to specify its)SH -7200 35962 MT -(Kerberos realm name. We recommend using a name of this form.)SH -/Times-Bold SF -36857 XM -(NOTE:)SH -/Times-Roman SF -40616 XM -(the realm-name is case)SH -7200 37158 MT -(sensitive; by convention, we suggest that you use your internet domain name, in capital letters.)SH -7200 39456 MT -(Edit the [SOURCE_DIR]/)SH -/Times-Italic SF -(include/krb.h)SH -/Times-Roman SF -24860 XM -(file and look for the following lines of code:)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(4)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 5 6 -BS -0 SI -11 /Courier AF -8520 7886 MT -(/*)SH -9180 9000 MT -(* Kerberos specific definitions)SH -9180 10114 MT -(*)SH -9180 11228 MT -(* KRBLOG is the log file for the kerberos master server.)SH -9180 12342 MT -(* KRB_CONF is the configuration file where different host)SH -9180 13456 MT -(* machines running master and slave servers can be found.)SH -9180 14570 MT -(* KRB_MASTER is the name of the machine with the master)SH -9180 15684 MT -(* database. The admin_server runs on this machine, and all)SH -9180 16798 MT -(* changes to the db \050as opposed to read-only requests, which)SH -9180 17912 MT -(* can go to slaves\051 must go to it.)SH -9180 19026 MT -(* KRB_HOST is the default machine when looking for a kerberos)SH -9180 20140 MT -(* slave server. Other possibilities are in the KRB_CONF file.)SH -9180 21254 MT -(* KRB_REALM is the name of the realm.)SH -9180 22368 MT -(*/)SH -8520 24596 MT -(#ifdef notdef)SH -8520 25710 MT -(this is server-only, does not belong here;)SH -8520 26824 MT -(#define KRBLOG) -3960 W( "/kerberos/kerberos.log")5940 W -8520 27938 MT -(are these used anyplace '?';)SH -8520 29052 MT -(#define VX_KRB_HSTFILE) -9240 W( "/etc/krbhst")660 W -8520 30166 MT -(#define PC_KRB_HSTFILE) -9240 W( "\134\134kerberos\134\134krbhst")660 W -8520 31280 MT -(#endif)SH -8520 33508 MT -(#define KRB_CONF) -9240 W( "/etc/krb.conf")4620 W -8520 34622 MT -(#define KRB_RLM_TRANS) -9240 W( "/etc/krb.realms")1320 W -8520 35736 MT -(#define KRB_MASTER) -9240 W( "kerberos")3300 W -8520 36850 MT -(#define KRB_HOST) -9240 W( KRB_MASTER)5280 W -8520 37964 MT -(#define KRB_REALM) -9240 W( "ATHENA.MIT.EDU")3960 W -/Times-Roman SF -7200 39559 MT -(Edit the last line as follows:)SH -9400 41510 MT -(1.)SH -10500 XM -(Change the KRB_REALM definition so that it specifies the realm name you have chosen)SH -10500 42706 MT -(for your Kerberos system. This is a default which is usually overridden by a configuration)SH -10500 43902 MT -(file on each machine; however, if that config file is absent, many programs will use this)SH -10500 45098 MT -("built-in" realm name.)SH -14 /Times-Bold AF -7200 48945 MT -(3.1 The)350 W -/Times-BoldItalic SF -12334 XM -(/etc/krb.conf)SH -/Times-Bold SF -19956 XM -(File)SH -11 /Times-Roman AF -7200 51140 MT -(Create a)SH -/Times-Italic SF -11108 XM -(/etc/krb.conf)SH -/Times-Roman SF -16912 XM -(file using the following format:)SH -/Times-BoldItalic SF -8520 52740 MT -(realm_name)SH -8520 53854 MT -(realm_name master_server_name)1045 W -/Courier SF -25594 XM -(admin server)SH -/Times-Roman SF -7200 55449 MT -(where)SH -/Times-Italic SF -10161 XM -(realm_name)SH -/Times-Roman SF -15934 XM -(specifies the system's realm name, and)SH -/Times-Italic SF -33375 XM -(master_server_name)SH -/Times-Roman SF -42874 XM -(specifies the machine)SH -7200 56645 MT -(name on which you will run the master server. The words 'admin server' must appear next to the name of)SH -7200 57841 MT -(the server on which you intend to run the administration server \050which must be a machine with access to)SH -7200 59037 MT -(the database\051.)SH -7200 61335 MT -(For example, if your realm name is)SH -/Times-Italic SF -22962 XM -(tim.edu)SH -/Times-Roman SF -26506 XM -(and your master server's name is)SH -/Times-Italic SF -41288 XM -(kerberos.tim.edu)SH -/Times-Roman SF -(, the file)SH -7200 62531 MT -(should have these contents:)SH -/Courier SF -8520 64057 MT -(tim.edu)SH -8520 65171 MT -(tim.edu kerberos.tim.edu) -660 W( admin server)SH -/Times-Roman SF -7200 67469 MT -(See the [SOURCE_DIR]/)SH -/Times-Italic SF -(prototypes/etc.krb.conf)SH -/Times-Roman SF -28921 XM -(file for an example)SH -/Times-Italic SF -37533 XM -(/etc/krb.conf)SH -/Times-Roman SF -43337 XM -(file. That) -275 W( file has)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(5)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 6 7 -BS -0 SI -11 /Times-Roman AF -7200 7955 MT -(examples of how to provide backup servers for a given realm \050additional lines with the same leading)SH -7200 9151 MT -(realm name\051 and how to designate servers for remote realms.)SH -14 /Times-Bold AF -7200 12998 MT -(3.2 The)350 W -/Times-BoldItalic SF -12334 XM -(/etc/krb.realms)SH -/Times-Bold SF -21280 XM -(File)SH -11 /Times-Roman AF -7200 15193 MT -(In many situations, the default realm in which a host operates will be identical to the domain portion its)SH -7200 16389 MT -(Internet domain name.)SH -7200 18687 MT -(If this is not the case, you will need to establish a translation from host name or domain name to realm)SH -7200 19883 MT -(name. This) -275 W( is accomplished with the)SH -/Times-Italic SF -23820 XM -(/etc/krb.realms)SH -/Times-Roman SF -30724 XM -(file.)SH -7200 22181 MT -(Each line of the translation file specifies either a hostname or domain name, and its associated realm:)SH -/Courier SF -8520 23707 MT -(.domain.name kerberos.realm1)SH -8520 24821 MT -(host.name kerberos.realm2)SH -/Times-Roman SF -7200 26416 MT -(For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 but the host)SH -7200 27612 MT -(FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read:)SH -/Courier SF -8520 29138 MT -(.LSC.TIM.EDU KRB.REALM1)SH -8520 30252 MT -(FILMS.LSC.TIM.EDU KRB.REALM2)SH -/Times-Roman SF -7200 31847 MT -(If a particular host matches both a domain and a host entry, the host entry takes precedence.)SH -16 /Times-Bold AF -7200 36519 MT -(4. Building) -400 W( the Software)SH -11 /Times-Roman AF -7200 38714 MT -(Before you build the software read the)SH -/Times-Bold SF -24395 XM -(README)SH -/Times-Roman SF -29558 XM -(file in [SOURCE_DIR]. What follows is a more)SH -7200 39910 MT -(detailed description of the instructions listed in README.)SH -9400 41861 MT -(1.)SH -10500 XM -(Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you are about to)SH -10500 43057 MT -(build, for example,)SH -/Times-Italic SF -19145 XM -(/mit/kerberos/obj)SH -/Times-Roman SF -(.)SH -9400 44951 MT -(2.)SH -10500 XM -(Change directory to [OBJ_DIR]. The following command creates directories under)SH -10500 46147 MT -([OBJ_DIR] and installs Makefiles for the final build.)SH -/Courier SF -11820 47724 MT -(host%)SH -/Times-Bold SF -15780 XM -(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR])275 W -/Times-Roman SF -9400 49618 MT -(3.)SH -10500 XM -(Change directory to util/imake.includes. Read through config.Imakefile, turning on)SH -10500 50814 MT -(appropriate flags for your installation. Change SRCTOP so that it is set to the top level of)SH -10500 52010 MT -(your source directory.)SH -9400 53904 MT -(4.)SH -10500 XM -(Check that your machine type has a definition in include/osconf.h & related files in the)SH -10500 55100 MT -(source tree \050if it doesn't, then you may need to create your own; if you get successful)SH -10500 56296 MT -(results, please post to kerberos at athena.mit.edu\051)SH -9400 58190 MT -(5.)SH -10500 XM -(Change directory to [OBJ_DIR]. The next command generates new Makefiles based on the)SH -10500 59386 MT -(configuration you selected in config.Imakefile, then adds dependency information to the)SH -10500 60582 MT -(Makefiles, and finally builds the system:)SH -/Courier SF -11820 62159 MT -(host%)SH -/Times-Bold SF -15780 XM -(make world)275 W -/Times-Roman SF -10500 63754 MT -(This command takes a while to complete; you may wish to redirect the output onto a file)SH -10500 64950 MT -(and put the job in the background:)SH -/Courier SF -11820 66527 MT -(host%)SH -/Times-Bold SF -15780 XM -(make world) -275 W( >&WORLDLOG_891201 &)SH -/Times-Roman SF -10500 68122 MT -(If you need to rebuild the Kerberos programs and libraries after making a change, you can)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(6)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 7 8 -BS -0 SI -11 /Times-Roman AF -10500 7955 MT -(usually just type:)SH -/Courier SF -11820 9532 MT -(host%)SH -/Times-Bold SF -15780 XM -(make all)275 W -/Times-Roman SF -10500 11127 MT -(However, if you changed the configuration in config.Imakefile or modified the Imakefiles)SH -10500 12323 MT -(or Makefiles, you should run)SH -/Times-Italic SF -23514 XM -(make world)SH -/Times-Roman SF -28952 XM -(to re-build all the Makefiles and dependency lists.)SH -14 /Times-Bold AF -7200 16141 MT -(4.1 Testing) -350 W( the DES Library)SH -11 /Times-Roman AF -7200 18336 MT -(Use the)SH -/Times-Italic SF -10804 XM -(verify)SH -/Times-Roman SF -13583 XM -(command to test the DES library implementation:)SH -/Courier SF -8520 19913 MT -(host%)SH -/Times-Bold SF -12480 XM -([OBJ_DIR]/lib/des/verify)SH -/Times-Roman SF -7200 21508 MT -(The command should display the following:)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(7)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 8 9 -BS -0 SI -11 /Courier AF -8520 7886 MT -(Examples per FIPS publication 81, keys ivs and cipher)SH -8520 9000 MT -(in hex. These are the correct answers, see below for)SH -8520 10114 MT -(the actual answers.)SH -8520 12342 MT -(Examples per Davies and Price.)SH -8520 14570 MT -(EXAMPLE ECB) -SH( key) -2640 W( = 08192a3b4c5d6e7f)SH -13800 15684 MT -(clear = 0)SH -13800 16798 MT -(cipher = 25 dd ac 3e 96 17 64 67)SH -8520 17912 MT -(ACTUAL ECB)SH -13800 19026 MT -(clear "")SH -13800 20140 MT -(cipher =) -660 W( \050low to high bytes\051)SH -19080 21254 MT -(25 dd ac 3e 96 17 64 67)SH -8520 23482 MT -(EXAMPLE ECB) -SH( key) -2640 W( = 0123456789abcdef)SH -13800 24596 MT -(clear = "Now is the time for all ")SH -13800 25710 MT -(cipher = 3f a4 0e 8a 98 4d 48 15 ...)SH -8520 26824 MT -(ACTUAL ECB)SH -13800 27938 MT -(clear "Now is the time for all ")SH -13800 29052 MT -(cipher =) -660 W( \050low to high bytes\051)SH -19080 30166 MT -(3f a4 0e 8a 98 4d 48 15)SH -8520 32394 MT -(EXAMPLE CBC) -SH( key) -2640 W( = 0123456789abcdef iv = 1234567890abcdef)SH -13800 33508 MT -(clear = "Now is the time for all ")SH -13800 34622 MT -(cipher =) -SH( e5) -4620 W( c7 cd de 87 2b f2 7c)SH -24360 35736 MT -(43 e9 34 00 8c 38 9c 0f)SH -24360 36850 MT -(68 37 88 49 9a 7c 05 f6)SH -8520 37964 MT -(ACTUAL CBC)SH -13800 39078 MT -(clear "Now is the time for all ")SH -13800 40192 MT -(ciphertext = \050low to high bytes\051)SH -19080 41306 MT -(e5 c7 cd de 87 2b f2 7c)SH -19080 42420 MT -(43 e9 34 00 8c 38 9c 0f)SH -19080 43534 MT -(68 37 88 49 9a 7c 05 f6)SH -19080 44648 MT -(00 00 00 00 00 00 00 00)SH -19080 45762 MT -(00 00 00 00 00 00 00 00)SH -19080 46876 MT -(00 00 00 00 00 00 00 00)SH -19080 47990 MT -(00 00 00 00 00 00 00 00)SH -19080 49104 MT -(00 00 00 00 00 00 00 00)SH -13800 50218 MT -(decrypted clear_text = "Now is the time for all ")SH -8520 51332 MT -(EXAMPLE CBC checksum) -SH( key) -1980 W( = 0123456789abcdef iv = 1234567890abcdef)SH -13800 52446 MT -(clear =) -SH( "7654321) -5280 W( Now is the time for ")SH -13800 53560 MT -(checksum 58) -4620 W( d2 e7 7e 86 06 27 33 or some part thereof)SH -8520 54674 MT -(ACTUAL CBC checksum)SH -19080 55788 MT -(encrypted cksum = \050low to high bytes\051)SH -19080 56902 MT -(58 d2 e7 7e 86 06 27 33)SH -/Times-Roman SF -7200 59200 MT -(If the)SH -/Times-Italic SF -9826 XM -(verify)SH -/Times-Roman SF -12605 XM -(command fails to display this information as specified above, the implementation of DES for)SH -7200 60396 MT -(your hardware needs to be adjusted. Your Kerberos system cannot work properly if your DES library)SH -7200 61592 MT -(fails this test.)SH -7200 63890 MT -(When you have finished building the software, you will find the executables in the object tree as follows:)SH -/Times-Bold SF -7200 65841 MT -([OBJ_DIR]/admin)SH -/Times-Italic SF -18200 XM -(ext_srvtab)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -23332 XM -(kdb_destroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -29258 XM -(kdb_edit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -33596 XM -(kdb_init)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -37752 XM -(kdb_util)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -43771 XM -(kstash)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 67536 MT -([OBJ_DIR]/kuser)SH -/Times-Italic SF -18200 XM -(kdestroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -22476 XM -(kinit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24982 XM -(klist)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -27366 XM -(ksrvtgt)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -32773 XM -(ksu)SH -/Times-Roman SF -(.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(8)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 9 10 -BS -0 SI -11 /Times-Bold AF -7200 7955 MT -([OBJ_DIR]/server)SH -/Times-Italic SF -18200 XM -(kerberos)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 9650 MT -([OBJ_DIR]/appl/bsd)SH -/Times-Italic SF -18200 XM -(klogind)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -22050 XM -(kshd)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24616 XM -(login.krb)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -29169 XM -(rcp)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31185 XM -(rlogin)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -36288 XM -(rsh)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 11345 MT -([OBJ_DIR]/appl/knetd)SH -/Times-Italic SF -18200 XM -(knetd)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 13040 MT -([OBJ_DIR]/appl/sample)SH -/Times-Italic SF -18200 14236 MT -(sample_server)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -25164 XM -(sample_client)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31824 XM -(simple_server)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -40407 XM -(simple_client)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 15931 MT -([OBJ_DIR]/appl/tftp)SH -/Times-Italic SF -18200 XM -(tcom)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -20888 XM -(tftpd)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -25319 XM -(tftp)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 17626 MT -([OBJ_DIR]/slave)SH -/Times-Italic SF -18200 XM -(kprop)SH -/Times-Roman SF -21041 XM -(and)SH -/Times-Italic SF -22904 XM -(kpropd)SH -/Times-Roman SF -(.)SH -16 /Times-Bold AF -7200 22298 MT -(5. Installing) -400 W( the Software)SH -11 /Times-Roman AF -7200 24493 MT -(To install the software, issue the)SH -/Times-Italic SF -21711 XM -(make install)SH -/Times-Roman SF -27333 XM -(command from the [OBJ_DIR] \050you need to be a privileged)SH -7200 25689 MT -(user in order to properly install the programs\051. Programs can either be installed in default directories, or)SH -7200 26885 MT -(under a given root directory, as described below.)SH -14 /Times-Bold AF -7200 30703 MT -(5.1 The) -350 W( ``Standard'' Places)SH -11 /Times-Roman AF -7200 32898 MT -(If you use the)SH -/Times-Italic SF -13492 XM -(make)SH -/Times-Roman SF -16087 XM -(command as follows:)SH -/Courier SF -8520 34475 MT -(host#)SH -/Times-Bold SF -12480 XM -(make install)275 W -/Times-Roman SF -7200 36070 MT -(the installation process will try to install the various parts of the system in ``standard'' directories. This)SH -7200 37266 MT -(process creates the ``standard'' directories as needed.)SH -7200 39564 MT -(The standard installation process copies things as follows:)SH -/Symbol SF -9169 41640 MT -(\267)SH -/Times-Roman SF -9950 XM -(The)SH -/Times-Italic SF -11935 XM -(include)SH -/Times-Roman SF -15448 XM -(files)SH -/Times-Italic SF -17617 XM -(krb.h)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -20458 XM -(des.h)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -23299 XM -(mit-copyright.h)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -30662 XM -(kadm.h)SH -/Times-Roman SF -34144 XM -(and)SH -/Times-Italic SF -36007 XM -(kadm_err.h)SH -/Times-Roman SF -41383 XM -(get copied to the)SH -/Times-Italic SF -9950 42836 MT -(/usr/include)SH -/Times-Roman SF -15481 XM -(directory.)SH -/Symbol SF -9169 44730 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos libraries)SH -/Times-Italic SF -20119 XM -(libdes.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24122 XM -(libkrb.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -28125 XM -(libkdb.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -32250 XM -(libkadm.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -37169 XM -(libknet.a)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -43401 XM -(libacl.a)SH -/Times-Roman SF -47007 XM -(get)SH -9950 45926 MT -(copied to the)SH -/Times-Italic SF -15907 XM -(/usr/athena/lib)SH -/Times-Roman SF -22662 XM -(\050or wherever you pointed LIBDIR in config.Imakefile\051)SH -9950 47122 MT -(directory.)SH -/Symbol SF -9169 49016 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos master database utilities)SH -/Times-Italic SF -27085 XM -(kdb_init)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31241 XM -(kdb_destroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -37167 XM -(kdb_edit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -41505 XM -(kdb_util)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -45661 XM -(kstash)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -9950 50212 MT -(ext_srvtab)SH -/Times-Roman SF -14807 XM -(get copied to the)SH -/Times-Italic SF -22383 XM -(/usr/etc)SH -/Times-Roman SF -25958 XM -(\050DAEMDIR\051 directory.)SH -/Symbol SF -9169 52106 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos user utilities)SH -/Times-Italic SF -21924 XM -(kinit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24430 XM -(kdestroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -28706 XM -(klist)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31090 XM -(ksrvtgt)SH -/Times-Roman SF -34359 XM -(and)SH -/Times-Italic SF -36222 XM -(ksu)SH -/Times-Roman SF -37963 XM -(get copied to the)SH -/Times-Italic SF -45539 XM -(/usr/athena)SH -/Times-Roman SF -9950 53302 MT -(\050PROGDIR\051 directory.)SH -/Symbol SF -9169 55196 MT -(\267)SH -/Times-Roman SF -9950 XM -(The modified Berkeley utilities)SH -/Times-Italic SF -24004 XM -(rsh)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -25960 XM -(rlogin)SH -/Times-Roman SF -28925 XM -(get copied to the)SH -/Times-Italic SF -36501 XM -(/usr/ucb)SH -/Times-Roman SF -40382 XM -(\050UCBDIR\051 directory;)SH -/Times-Italic SF -9950 56392 MT -(rcp)SH -/Times-Roman SF -11691 XM -(gets copied to the)SH -/Times-Italic SF -19695 XM -(/bin)SH -/Times-Roman SF -21682 XM -(\050SLASHBINDIR\051 directory; and)SH -/Times-Italic SF -36375 XM -(rlogind)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -40165 XM -(rshd)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -44534 XM -(login.krb)SH -/Times-Roman SF -48812 XM -(get)SH -9950 57588 MT -(copied to the)SH -/Times-Italic SF -15907 XM -(/usr/etc)SH -/Times-Roman SF -19482 XM -(\050DAEMDIR\051 directory. The old copies of the user programs are)SH -9950 58784 MT -(renamed)SH -/Times-Italic SF -14011 XM -(rsh.ucb)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -17830 XM -(rlogin.ucb)SH -/Times-Roman SF -22658 XM -(and)SH -/Times-Italic SF -24521 XM -(rcp.ucb)SH -/Times-Roman SF -(, respectively. The Kerberos versions of these)SH -9950 59980 MT -(programs are designed to fall back and execute the original versions if something prevents)SH -9950 61176 MT -(the Kerberos versions from succeeding.)SH -/Symbol SF -9169 63070 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos version of)SH -/Times-Italic SF -20944 XM -(tftp)SH -/Times-Roman SF -22687 XM -(and)SH -/Times-Italic SF -24550 XM -(tcom)SH -/Times-Roman SF -26963 XM -(get copied to the)SH -/Times-Italic SF -34539 XM -(/usr/athena)SH -/Times-Roman SF -39826 XM -(\050PROGDIR\051 directory;)SH -/Times-Italic SF -9950 64266 MT -(tftpd)SH -/Times-Roman SF -12243 XM -(gets copied to the)SH -/Times-Italic SF -20247 XM -(/etc)SH -/Times-Roman SF -22110 XM -(\050ETCDIR\051 directory.)SH -/Times-Italic SF -31884 XM -(tftp)SH -/Times-Roman SF -33627 XM -(and)SH -/Times-Italic SF -35490 XM -(tftpd)SH -/Times-Roman SF -37783 XM -(are installed set-uid to an)SH -9950 65462 MT -(unprivileged user \050user id of DEF_UID\051.)SH -/Symbol SF -9169 67356 MT -(\267)SH -/Times-Roman SF -9950 XM -(The)SH -/Times-Italic SF -11935 XM -(knetd)SH -/Times-Roman SF -14592 XM -(daemon gets copied to the)SH -/Times-Italic SF -26353 XM -(/usr/etc)SH -/Times-Roman SF -29928 XM -(\050DAEMDIR\051 directory.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(9)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 10 11 -BS -0 SI -11 /Symbol AF -9169 8080 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos server)SH -/Times-Italic SF -19201 XM -(kerberos)SH -/Times-Roman SF -(, the slave propagation software)SH -/Times-Italic SF -37343 XM -(kprop)SH -/Times-Roman SF -40184 XM -(and)SH -/Times-Italic SF -42047 XM -(kpropd)SH -/Times-Roman SF -(, and the)SH -9950 9276 MT -(administration server)SH -/Times-Italic SF -19542 XM -(kadmind)SH -/Times-Roman SF -23605 XM -(get copied to the)SH -/Times-Italic SF -31181 XM -(/usr/etc)SH -/Times-Roman SF -34756 XM -(\050SVRDIR, SVRDIR, and)SH -9950 10472 MT -(DAEMDIR\051 directory.)SH -/Symbol SF -9169 12366 MT -(\267)SH -/Times-Roman SF -9950 XM -(The remote administration tools)SH -/Times-Italic SF -24310 XM -(kpasswd)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -28588 XM -(ksrvutil)SH -/Times-Roman SF -32163 XM -(and)SH -/Times-Italic SF -34026 XM -(kadmin)SH -/Times-Roman SF -37539 XM -(get copied to the)SH -/Times-Italic SF -45115 XM -(/usr/athena)SH -/Times-Roman SF -9950 13562 MT -(\050PROGDIR\051 directory.)SH -/Symbol SF -9169 15456 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos manual pages get installed in the appropriate)SH -/Times-Italic SF -36187 XM -(/usr/man)SH -/Times-Roman SF -40374 XM -(directories. Don't)275 W -9950 16652 MT -(forget to run)SH -/Times-Italic SF -15723 XM -(makewhatis)SH -/Times-Roman SF -21192 XM -(after installing the manual pages.)SH -14 /Times-Bold AF -7200 20470 MT -(5.2 ``Non-Standard'') -350 W( Installation)SH -11 /Times-Roman AF -7200 22665 MT -(If you'd rather install the software in a different location, you can use the)SH -/Times-Italic SF -39667 XM -(make)SH -/Times-Roman SF -42262 XM -(command as follows,)SH -7200 23861 MT -(where [DEST_DIR] specifies an alternate destination directory which will be used as the root for the)SH -7200 25057 MT -(installed programs, i.e. programs that would normally be installed in /usr/athena would be installed in)SH -7200 26253 MT -([DEST_DIR]/usr/athena.)SH -/Courier SF -8520 27830 MT -(host#)SH -/Times-Bold SF -12480 XM -(make install DESTDIR=[DEST_DIR])275 W -16 SS -7200 32502 MT -(6. Conclusion)400 W -11 /Times-Roman AF -7200 34697 MT -(Now that you have built and installed your Kerberos system, use the accompanying Kerberos Operation)SH -4030 50 44224 34897 UL -4398 50 48529 34897 UL -7200 35893 MT -(Notes to create a Kerberos Master database, install authenticated services, and start the Kerberos server.)SH -2566 50 7200 36093 UL -16 /Times-Bold AF -7200 40565 MT -(7. Acknowledgements)400 W -11 /Times-Roman AF -7200 42760 MT -(We'd like to thank Henry Mensch and Jon Rochlis for helping us debug this document.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30100 XM -(10)SH -47890 XM -(4 January 1990)SH -ES -%%Page: i 12 -BS -0 SI -14 /Times-Bold AF -25272 8138 MT -(Table of Contents)SH -13 SS -7200 9781 MT -(1. Organization) -325 W( of the Source Directory)SH -53350 XM -(1)SH -12 /Times-Roman AF -9000 11136 MT -(1.1 The)300 W -/Times-BoldItalic SF -13266 XM -(admin)SH -/Times-Roman SF -16701 XM -(Directory)SH -53400 XM -(2)SH -9000 12491 MT -(1.2 The)300 W -/Times-BoldItalic SF -13266 XM -(kuser)SH -/Times-Roman SF -16300 XM -(Directory)SH -53400 XM -(2)SH -9000 13846 MT -(1.3 The)300 W -/Times-BoldItalic SF -13266 XM -(appl)SH -/Times-Roman SF -15700 XM -(Directory)SH -53400 XM -(2)SH -9000 15201 MT -(1.4 The)300 W -/Times-BoldItalic SF -13266 XM -(server)SH -/Times-Roman SF -16566 XM -(Directory)SH -53400 XM -(3)SH -9000 16556 MT -(1.5 The)300 W -/Times-BoldItalic SF -13266 XM -(kadmin)SH -/Times-Roman SF -17301 XM -(Directory)SH -53400 XM -(3)SH -9000 17911 MT -(1.6 The)300 W -/Times-BoldItalic SF -13266 XM -(include)SH -/Times-Roman SF -17234 XM -(Directory)SH -53400 XM -(3)SH -9000 19266 MT -(1.7 The)300 W -/Times-BoldItalic SF -13266 XM -(lib)SH -/Times-Roman SF -14834 XM -(Directory)SH -53400 XM -(3)SH -9000 20621 MT -(1.8 The)300 W -/Times-BoldItalic SF -13266 XM -(man)SH -/Times-Roman SF -15767 XM -(Directory)SH -53400 XM -(3)SH -9000 21976 MT -(1.9 The)300 W -/Times-BoldItalic SF -13266 XM -(prototypes)SH -/Times-Roman SF -18634 XM -(Directory)SH -53400 XM -(3)SH -9000 23331 MT -(1.10 The)300 W -/Times-BoldItalic SF -13866 XM -(tools)SH -/Times-Roman SF -16501 XM -(Directory)SH -53400 XM -(3)SH -9000 24686 MT -(1.11 The)300 W -/Times-BoldItalic SF -13866 XM -(util)SH -/Times-Roman SF -15835 XM -(Directory)SH -53400 XM -(4)SH -13 /Times-Bold AF -7200 26329 MT -(2. Preparing) -325 W( for Installation)SH -53350 XM -(4)SH -7200 27972 MT -(3. Preparing) -325 W( for the Build)SH -53350 XM -(4)SH -12 /Times-Roman AF -9000 29327 MT -(3.1 The)300 W -/Times-BoldItalic SF -13266 XM -(/etc/krb.conf)SH -/Times-Roman SF -19801 XM -(File)SH -53400 XM -(5)SH -9000 30682 MT -(3.2 The)300 W -/Times-BoldItalic SF -13266 XM -(/etc/krb.realms)SH -/Times-Roman SF -20936 XM -(File)SH -53400 XM -(6)SH -13 /Times-Bold AF -7200 32325 MT -(4. Building) -325 W( the Software)SH -53350 XM -(6)SH -12 /Times-Roman AF -9000 33674 MT -(4.1 Testing) -300 W( the DES Library)SH -53400 XM -(7)SH -13 /Times-Bold AF -7200 35317 MT -(5. Installing) -325 W( the Software)SH -53350 XM -(9)SH -12 /Times-Roman AF -9000 36666 MT -(5.1 The) -300 W( ``Standard'' Places)SH -53400 XM -(9)SH -9000 38015 MT -(5.2 ``Non-Standard'') -300 W( Installation)SH -52800 XM -(10)SH -13 /Times-Bold AF -7200 39658 MT -(6. Conclusion)325 W -52700 XM -(10)SH -7200 41301 MT -(7. Acknowledgements)325 W -52700 XM -(10)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30461 XM -(i)SH -47890 XM -(4 January 1990)SH -ES -%%Trailer -%%Pages: 12 -%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol Deleted: branches/mskrb-integ/doc/old-V4-docs/installation.mss =================================================================== --- branches/mskrb-integ/doc/old-V4-docs/installation.mss 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/old-V4-docs/installation.mss 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,681 +0,0 @@ - at Comment[ $Source$] - at Comment[ $Author$] - at Comment[ $Id$] - at Comment[] - at device[postscript] - at make[report] - at comment[ - at DefineFont(HeadingFont, - P=, - B=, - I=, - R=) -] - at DefineFont(HeadingFont, - P=, - B=, - I=, - R=) - at Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I], - IncrementedBy Use,Announced) - at Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ], - IncrementedBy Use,Referenced [@1],Announced) - at Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ], - IncrementedBy,Referenced [@A],Announced,Alias Chapter) - at Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias - Chapter) - at Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2, - Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy - Use,Announced) - at Counter(AppendixSection,Within Appendix,TitleEnv HD2, - ContentsEnv tc2, - Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy - Use,Announced) - at Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3, - Numbered [@#@:. at 1 ],IncrementedBy Use, - Referenced [@#@:. at 1 ]) - at Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3, - ContentsEnv tc3, - Numbered [@#@:. at 1 ],IncrementedBy Use, - Referenced [@#@:. at 1 ]) - at Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4, - Numbered [@#@:. at 1 ],Referenced [@#@:. at 1], - IncrementedBy Use) - at modify(CopyrightNotice, Fixed -1 inch, Flushright) - at Modify(Titlebox, Fixed 3.0 inches) - at Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off) - at Modify(hd2, below .2 inch, facecode B, size 14, spaces kept) - at Modify(hd3, below .2 inch, facecode B, size 12, spaces kept) - at Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line) - at Modify(Tc1, Above .5, Facecode B) - at Modify(Tc2, Above .25, Below .25, Facecode R) - at Modify(Tc3,Facecode R) - at Modify(Tc4,Facecode R) - at Modify(Itemize,Above 1line,Below 1line) - at Modify(Insert,LeftMargin +2, RightMargin +2) - at libraryfile[stable] - at comment[@Style(Font NewCenturySchoolBook, size 11)] - at Style(Font TimesRoman, size 11) - at Style(Spacing 1.1, indent 0) - at Style(leftmargin 1.0inch) - at Style(justification no) - at Style(BottomMargin 1.5inch) - at Style(ChangeBarLocation Right) - at Style(ChangeBars=off) - at pageheading[immediate] - at pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)", -right = "@value(date)"] - at set[page = 0] - at blankspace[.5 inches] - at begin[group, size 20] - at begin(center) - at b[Kerberos Installation Notes] - at b[DRAFT] - at end[center] - at end(group) - at blankspace[.5 inches] - at begin[group, size 16] - at begin(center) -Bill Bryant -Jennifer Steiner -John Kohl - at blankspace[1 line] -Project Athena, MIT - at blankspace[.5 inches] - at b[Initial Release, January 24, 1989] - at i[(plus later patches through patchlevel 7)] - at end[center] - at end(group) - at begin[group, size 10] - at end[group] - at blankspace[.75 inches] - - -The release consists of three parts. - -The first part consists of the core Kerberos system, which was developed -at MIT and does not require additional licenses for us to distribute. -Included in this part are the Kerberos authentication server, the -Kerberos library, the - at i[ndbm] -database interface library, user programs, administration programs, -manual pages, some applications which use Kerberos for authentication, -and some utilities. - -The second part is the Data Encryption Standard (DES) library, which we -are distributing only within the United States. - -The third part contains Kerberos modifications to Sun's NFS, which we -distribute as ``context diffs'' to the Sun NFS source code. Its -distribution is controlled to provide an accounting of who has retrieved -the patches, so that Project Athena can comply with its agreements with -Sun regarding distribution of these changes. - - at newpage() - at chapter[Organization of the Source Directory] - -The Kerberos building and installation process, -as described in this document, -builds the binaries and executables from the files contained in the Kerberos -source tree, and deposits them in a separate object tree. -This is intended to easily support several different build trees from a -single source tree (this is useful if you support several machine -architectures). -We suggest that you copy the Kerberos sources into a - at i[/mit/kerberos/src] directory, -and create as well a @i[/mit/kerberos/obj] directory in which -to hold the executables. -In the rest of this document, we'll refer to the Kerberos -source and object directories as [SOURCE_DIR] -and [OBJ_DIR], respectively. - -Below is a brief overview of the organization of the complete -source directory. -More detailed descriptions follow. - - at begin[description] - - at b[admin]@\utilities for the Kerberos administrator - - at b[appl]@\applications that use Kerberos - - at b[appl/bsd]@\Berkeley's rsh/rlogin suite, using Kerberos - - at b[appl/knetd]@\(old) software for inetd-like multiplexing of a single -TCP listening port - - at b[appl/sample]@\sample application servers and clients - - at b[appl/tftp]@\Trivial File Transfer Protocol, using Kerberos - - at b[include]@\include files - - at b[kadmin]@\remote administrative interface to the Kerberos master database - - at b[kuser]@\assorted user programs - - at b[lib]@\libraries for use with/by Kerberos - - at b[lib/acl]@\Access Control List library - - at b[lib/des]@\Data Encryption Standard library (US only) - - at b[lib/kadm]@\administrative interface library - - at b[lib/kdb]@\Kerberos server library interface to @i[ndbm] - - at b[lib/knet]@\(old) library for use with @b[knetd] - - at b[lib/krb]@\Kerberos library - - at b[man]@\manual pages - - at b[prototypes]@\sample configuration files - - at b[server]@\the authentication server - - at b[slave]@\Kerberos slave database propagation software - - at b[tools]@\shell scripts for maintaining the source tree - - at b[util]@\utilities - - at b[util/imake]@\Imakefile-to-Makefile ``compilation'' tool - - at b[util/ss]@\Sub-system library (for command line subsystems) - - at b[util/et]@\Error-table library (for independent, unique error codes) - - at b[util/makedepend]@\Makefile dependency generator tool - - at end[description] - - at section[The @p(admin) Directory] - -This directory contains source for -the Kerberos master database administration tools. - at begin[description] - at b[kdb_init]@\This program creates and initializes the -Kerberos master database. -It prompts for a Kerberos realmname, and the Kerberos master password. - - at b[kstash]@\This program ``stashes'' the master password in the file - at i[/.k] so that the master server machine can restart the Kerberos -server automatically after an unattended reboot. -The hidden password is also available to administrative programs -that have been set to run automatically. - - at b[kdb_edit]@\This program is a low-level tool for editing -the master database. - - at b[kdb_destroy]@\This program deletes the master database. - - at b[kdb_util]@\This program can be used to dump the master database -into an ascii file, and can also be used to load the ascii file -into the master database. - - at b[ext_srvtab]@\This program extracts information from the master -database and creates a host-dependent @i[srvtab] file. -This file contains the Kerberos keys for the host's -``Kerberized'' services. -These services look up their keys in the @i[srvtab] file -for use in the authentication process. - at end[description] - - at section[The @p(kuser) Directory] - -This directory contains the source code for several user-oriented -programs. - at begin[description] - at b[kinit]@\This program prompts users for their usernames and -Kerberos passwords, then furnishes them with Kerberos ticket-granting -tickets. - - at b[kdestroy]@\This program destroys any active tickets. -Users should use @i[kdestroy] before they log off their workstations. - - at b[klist]@\This program lists a user's active tickets. - - at b[ksrvtgt]@\This retrieves a ticket-granting ticket with a life time -of five minutes, using a server's secret key in lieu of a password. It -is primarily for use in shell scripts and other batch facilities. - - at b[ksu]@\Substitute user id, using Kerberos to mediate attempts to -change to ``root''. - at end[description] - - at section[The @p(appl) Directory] - -If your site has the appropriate BSD license, -your Kerberos release provides certain Unix utilities -The Berkeley programs that have been modified to use Kerberos -authentication are found in the @i[appl/bsd] directory. -They include @i[login], @i[rlogin], @i[rsh], and @i[rcp], as well as the -associated daemon programs @i[kshd] and @i[klogind]. -The @i[login] program obtains ticket-granting tickets for users -upon login; the other utilities provide authenticated -Unix network services. - -The @i[appl] directory also contains samples Kerberos application -client and server programs, an authenticated @i[tftp] program, - at i[knetd], an authenticated inet daemon. - - at section[The @p(server) Directory] - -The @i[server] directory contains the Kerberos KDC server, called - at i[kerberos]. -This program manages read-only requests made to the -master database, -distributing tickets and encryption keys to clients requesting -authentication service. - - at section[The @p(kadmin) Directory] - -The @i[kadmin] directory contains the Kerberos administration server and -associated client programs. -The server accepts network requests from the -user program @i[kpasswd] (used to change a user's password), the -Kerberos administration program @i(kadmin), and the srvtab utility -program @i[ksrvutil]. -The administration server can make modifications to the master database. - - at section[The @p(include) Directory] - -This directory contains the @i[include] files needed to -build the Kerberos system. - - at section[The @p(lib) Directory] - -The @i[lib] directory has six subdirectories: - at i[acl], @i[des], @i[kadm], @i[kdb], @i[knet], and @i[krb]. -The @i[des] directory contains source for the DES encryption library. -The @i[kadm] directory contains source for the Kerberos administration -server utility library. -The @i[kdb] directory contains source for the Kerberos database -routine library. -The @i[knet] directory contains source for a library used by clients of -the @i[knetd] server. -The @i[krb] directory contains source for the @i[libkrb.a] -library. -This library contains routines that are used by the Kerberos server program, -and by applications programs that require authentication service. - - at section[The @p(man) Directory] - -This directory contains manual pages for Kerberos programs and -library routines. - - at section[The @p(prototypes) Directory] - -This directory contains prototype - at i[/etc/services] and @i[/etc/krb.conf] files. -New entries must be added to the @i[/etc/services] file for -the Kerberos server, and possibly for Kerberized applications -(@i[services.append] contains the entries used by the Athena-provided -servers & applications, and is suitable for appending to your existing - at i[/etc/services] file.). -The @i[/etc/krb.conf] file defines the local Kerberos realm -for its host and lists Kerberos servers for given realms. -The @i[/etc/krb.realms] file defines exceptions for mapping machine -names to Kerberos realms. - - at section[The @p(tools) Directory] - -This directory contains -a makefile to set up a directory tree -for building the software in, and -a shell script to format code in the -style we use. - - - at section[The @p(util) Directory] - -This directory contains several utility programs and libraries. -Included are Larry Wall's @i[patch] program, a @i[make] pre-processor -program called - at i[imake], and a program for generating Makefile dependencies, - at i[makedepend], as well as the Sub-system library and -utilities (@i[ss]), and the Error table library and utilities (@i[et]). - - at chapter[Preparing for Installation] - -This document assumes that you will build the system -on the machine on which you plan to install -the Kerberos master server and its database. -You'll need about 10 megabytes for source and executables. - -By default, there must be -a @i[/kerberos] directory on the master server machine -in which to store the Kerberos -database files. -If the master server machine does not have room on its root partition -for these files, -create a @i[/kerberos] symbolic link to another file system. - - at chapter[Preparing for the Build] - -Before you build the system, -you have to choose a @b[realm name], -the name that specifies the system's administrative domain. -Project Athena uses the internet domain name ATHENA.MIT.EDU -to specify its Kerberos realm name. -We recommend using a name of this form. - at b[NOTE:] the realm-name is case sensitive; by convention, we suggest -that you use your internet domain name, in capital letters. - -Edit the [SOURCE_DIR]/@i[include/krb.h] file and look for the following -lines of code: - at begin[example] -/* - * Kerberos specific definitions - * - * KRBLOG is the log file for the kerberos master server. - * KRB_CONF is the configuration file where different host - * machines running master and slave servers can be found. - * KRB_MASTER is the name of the machine with the master - * database. The admin_server runs on this machine, and all - * changes to the db (as opposed to read-only requests, which - * can go to slaves) must go to it. - * KRB_HOST is the default machine when looking for a kerberos - * slave server. Other possibilities are in the KRB_CONF file. - * KRB_REALM is the name of the realm. - */ - -#ifdef notdef -this is server-only, does not belong here; -#define KRBLOG "/kerberos/kerberos.log" -are these used anyplace '?'; -#define VX_KRB_HSTFILE "/etc/krbhst" -#define PC_KRB_HSTFILE "\\kerberos\\krbhst" -#endif - -#define KRB_CONF "/etc/krb.conf" -#define KRB_RLM_TRANS "/etc/krb.realms" -#define KRB_MASTER "kerberos" -#define KRB_HOST KRB_MASTER -#define KRB_REALM "ATHENA.MIT.EDU" - at end[example] -Edit the last line as follows: - at begin[enumerate] -Change the KRB_REALM definition so that it specifies the realm name -you have chosen for your Kerberos system. This is a default which is -usually overridden by a configuration file on each machine; however, if -that config file is absent, many programs will use this "built-in" realm -name. - at end[enumerate] - - at section[The @p(/etc/krb.conf) File] - -Create a @i[/etc/krb.conf] file using the following format: - at begin[example] - at p[realm_name] - at p[realm_name] @p[master_server_name] admin server - at end[example] -where @i[realm_name] specifies the system's realm name, -and @i[master_server_name] specifies the machine name on -which you will run the master server. The words 'admin server' must -appear next to the name of the server on which you intend to run the -administration server (which must be a machine with access to the database). - -For example, -if your realm name is @i[tim.edu] and your master server's name is - at i[kerberos.tim.edu], the file should have these contents: - at begin[example] -tim.edu -tim.edu kerberos.tim.edu admin server - at end[example] - -See the [SOURCE_DIR]/@i[prototypes/etc.krb.conf] file for an -example @i[/etc/krb.conf] file. That file has examples of how to -provide backup servers for a given realm (additional lines with the same -leading realm name) and how to designate servers for remote realms. - - at section[The @p(/etc/krb.realms) File] - -In many situations, the default realm in which a host operates will be -identical to the domain portion its Internet domain name. - -If this is not the case, you will need to establish a translation from -host name or domain name to realm name. This is accomplished with the - at i(/etc/krb.realms) file. - -Each line of the translation file specifies either a hostname or domain -name, and its associated realm: - at begin[example] -.domain.name kerberos.realm1 -host.name kerberos.realm2 - at end[example] -For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 -but the host FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read: - at begin[example] -.LSC.TIM.EDU KRB.REALM1 -FILMS.LSC.TIM.EDU KRB.REALM2 - at end[example] -If a particular host matches both a domain and a host entry, the host -entry takes precedence. - - at chapter[Building the Software] - -Before you build the software -read the @b[README] file in [SOURCE_DIR]. -What follows is a more detailed description of the instructions -listed in README. - at begin[enumerate] -Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you -are about to build, for example, - at i[/mit/kerberos/obj]. - -Change directory to [OBJ_DIR]. -The following command creates directories under [OBJ_DIR] -and installs Makefiles for the final build. - at begin[example, rightmargin -7] -host% @b(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR]) - at end[example] - - - -Change directory to util/imake.includes. Read through config.Imakefile, -turning on appropriate flags for your installation. Change SRCTOP so -that it is set to the top level of your source directory. - -Check that your machine type has a definition in include/osconf.h & -related files in the source tree (if it doesn't, then you may need to -create your own; if you get successful results, please post to -kerberos@@athena.mit.edu) - -Change directory to [OBJ_DIR]. The next command generates new Makefiles -based on the configuration you selected in config.Imakefile, then adds -dependency information to the Makefiles, and finally builds the system: - at begin[example, rightmargin -7] -host% @b(make world) - at end[example] -This command takes a while to complete; you may wish to redirect the -output onto a file and put the job in the background: - at begin[example, rightmargin -7] -host% @b(make world >&WORLDLOG_891201 &) - at end[example] -If you need to rebuild the Kerberos programs and libraries after making -a change, you can usually just type: - at begin[example, rightmargin -7] -host% @b(make all) - at end[example] -However, if you changed the configuration in config.Imakefile or modified -the Imakefiles or Makefiles, you should run @i[make world] to re-build -all the Makefiles and dependency lists. - at end(enumerate) - - at section[Testing the DES Library] - -Use the @i[verify] command to test the DES library -implementation: - at begin[example] -host% @b([OBJ_DIR]/lib/des/verify) - at end[example] -The command should display the following: - at begin[example, rightmargin -10] -Examples per FIPS publication 81, keys ivs and cipher -in hex. These are the correct answers, see below for -the actual answers. - -Examples per Davies and Price. - -EXAMPLE ECB key = 08192a3b4c5d6e7f - clear = 0 - cipher = 25 dd ac 3e 96 17 64 67 -ACTUAL ECB - clear "" - cipher = (low to high bytes) - 25 dd ac 3e 96 17 64 67 - -EXAMPLE ECB key = 0123456789abcdef - clear = "Now is the time for all " - cipher = 3f a4 0e 8a 98 4d 48 15 ... -ACTUAL ECB - clear "Now is the time for all " - cipher = (low to high bytes) - 3f a4 0e 8a 98 4d 48 15 - -EXAMPLE CBC key = 0123456789abcdef iv = 1234567890abcdef - clear = "Now is the time for all " - cipher = e5 c7 cd de 87 2b f2 7c - 43 e9 34 00 8c 38 9c 0f - 68 37 88 49 9a 7c 05 f6 -ACTUAL CBC - clear "Now is the time for all " - ciphertext = (low to high bytes) - e5 c7 cd de 87 2b f2 7c - 43 e9 34 00 8c 38 9c 0f - 68 37 88 49 9a 7c 05 f6 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - decrypted clear_text = "Now is the time for all " -EXAMPLE CBC checksum key = 0123456789abcdef iv = 1234567890abcdef - clear = "7654321 Now is the time for " - checksum 58 d2 e7 7e 86 06 27 33 or some part thereof -ACTUAL CBC checksum - encrypted cksum = (low to high bytes) - 58 d2 e7 7e 86 06 27 33 - at end[example] - -If the @i[verify] command fails to display this information as specified -above, the implementation of DES for your hardware needs to -be adjusted. -Your Kerberos system cannot work properly if your DES library -fails this test. - -When you have finished building the software, -you will find the executables in the object tree as follows: - at begin[description] - at b([OBJ_DIR]/admin)@\@i[ext_srvtab], @i[kdb_destroy], - at i[kdb_edit], @i[kdb_init], @i[kdb_util], and @i[kstash]. - - at b([OBJ_DIR]/kuser)@\@i[kdestroy], @i[kinit], @i[klist], @i[ksrvtgt], -and @i[ksu]. - - at b([OBJ_DIR]/server)@\@i[kerberos]. - - at b([OBJ_DIR]/appl/bsd)@\@i[klogind], @i[kshd], @i[login.krb], @i[rcp], - at i[rlogin], and @i[rsh]. - - at b([OBJ_DIR]/appl/knetd)@\@i[knetd]. - - at b([OBJ_DIR]/appl/sample)@\@i[sample_server], @i[sample_client], - at i[simple_server], and @i[simple_client]. - - at b([OBJ_DIR]/appl/tftp)@\@i[tcom], @i[tftpd], and @i[tftp]. - - at b([OBJ_DIR]/slave)@\@i[kprop] and @i[kpropd]. - at end[description] - - at chapter[Installing the Software] - -To install the software, issue the @i[make install] command from -the [OBJ_DIR] (you need to be a privileged user in order to -properly install the programs). -Programs can either be installed in default directories, or under -a given root directory, as described below. - - at section[The ``Standard'' Places] - -If you use the @i[make] command as follows: - at begin[example] -host# @b(make install) - at end[example] -the installation process will try to install the various parts of the -system in ``standard'' directories. -This process creates the ``standard'' directories as needed. - -The standard installation process copies things as follows: - at begin[itemize] -The @i[include] files @i[krb.h], @i[des.h], @i[mit-copyright.h], - at i[kadm.h] and @i[kadm_err.h] get copied to the - at i[/usr/include] directory. - -The Kerberos libraries @i[libdes.a], @i[libkrb.a], @i[libkdb.a], - at i[libkadm.a], @i[libknet.a], and @i[libacl.a] get copied -to the @i[/usr/athena/lib] (or wherever you pointed LIBDIR in -config.Imakefile) directory. - -The Kerberos master database utilities @i[kdb_init], @i[kdb_destroy], - at i[kdb_edit], @i[kdb_util], @i[kstash], and @i[ext_srvtab] get copied to -the @i[/usr/etc] (DAEMDIR) directory. - -The Kerberos user utilities @i[kinit], @i[kdestroy], @i[klist], - at i[ksrvtgt] and @i[ksu] get copied to the @i[/usr/athena] (PROGDIR) -directory. - -The modified Berkeley utilities @i[rsh], @i[rlogin] get copied to the - at i[/usr/ucb] (UCBDIR) directory; @i[rcp] gets copied to the @i[/bin] -(SLASHBINDIR) directory; and @i[rlogind], @i[rshd], and @i[login.krb] -get copied to the @i[/usr/etc] (DAEMDIR) directory. The old copies of -the user programs are renamed @i(rsh.ucb), @i(rlogin.ucb) and - at i(rcp.ucb), respectively. The Kerberos versions of these programs are -designed to fall back and execute the original versions if something -prevents the Kerberos versions from succeeding. - -The Kerberos version of @i[tftp] and @i[tcom] get copied to the - at i[/usr/athena] (PROGDIR) directory; @i[tftpd] gets copied to the - at i[/etc] (ETCDIR) directory. @i[tftp] and @i[tftpd] are installed -set-uid to an unprivileged user (user id of DEF_UID). - -The @i[knetd] daemon gets copied to the @i[/usr/etc] (DAEMDIR) directory. - -The Kerberos server @i[kerberos], the slave propagation software - at i[kprop] and @i[kpropd], and the administration server @i[kadmind] get -copied to the @i[/usr/etc] (SVRDIR, SVRDIR, and DAEMDIR) directory. - -The remote administration tools @i[kpasswd], @i[ksrvutil] and @i[kadmin] -get copied to the @i[/usr/athena] (PROGDIR) directory. - -The Kerberos manual pages get installed in the appropriate - at i[/usr/man] directories. Don't forget to run @i[makewhatis] -after installing the manual pages. - - at end[itemize] - - at section[``Non-Standard'' Installation] - -If you'd rather install the software in a different location, -you can use the @i[make] command as follows, -where [DEST_DIR] specifies an alternate destination directory -which will be used as the root for the installed programs, i.e. programs -that would normally be installed in /usr/athena would be installed in -[DEST_DIR]/usr/athena. - at begin[example] -host# @b(make install DESTDIR=[DEST_DIR]) - at end[example] - - at chapter[Conclusion] - -Now that you have built and installed your Kerberos system, -use the accompanying @u[Kerberos Operation Notes] -to create a Kerberos Master database, install authenticated services, -and start the Kerberos server. - - at chapter [Acknowledgements] - -We'd like to thank Henry Mensch and Jon Rochlis for helping us debug -this document. Deleted: branches/mskrb-integ/doc/old-V4-docs/operation.PS =================================================================== --- branches/mskrb-integ/doc/old-V4-docs/operation.PS 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/old-V4-docs/operation.PS 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,2669 +0,0 @@ -%!PS-Adobe-2.0 -%%Title: operation.mss -%%DocumentFonts: (atend) -%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700) -%%CreationDate: 4 January 1990 11:55 -%%Pages: (atend) -%%EndComments -% PostScript Prelude for Scribe. -/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def -/ES {showpage SV restore} bind def -/SC {setrgbcolor} bind def -/FMTX matrix def -/RDF {WFT SLT 0.0 eq - {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore} - {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore} - ifelse makefont setfont} bind def -/SLT 0.0 def -/SI { /SLT exch cvr def RDF} bind def -/WFT /Courier findfont def -/SF { /WFT exch findfont def RDF} bind def -/SSZ 1000.0 def -/SS { /SSZ exch 100.0 mul def RDF} bind def -/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def -/MT /moveto load def -/XM {currentpoint exch pop moveto} bind def -/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto - setlinewidth 0.0 rlineto stroke grestore} bind def -/LH {gsave newpath moveto setlinewidth - 0.0 rlineto - gsave stroke grestore} bind def -/LV {gsave newpath moveto setlinewidth - 0.0 exch rlineto - gsave stroke grestore} bind def -/BX {gsave newpath moveto setlinewidth - exch - dup 0.0 rlineto - exch 0.0 exch neg rlineto - neg 0.0 rlineto - closepath - gsave stroke grestore} bind def -/BX1 {grestore} bind def -/BX2 {setlinewidth 1 setgray stroke grestore} bind def -/PB {/PV save def newpath translate - 100.0 -100.0 scale pop /showpage {} def} bind def -/PE {PV restore} bind def -/GB {/PV save def newpath translate rotate - div dup scale 100.0 -100.0 scale /showpage {} def} bind def -/GE {PV restore} bind def -/FB {dict dup /FontMapDict exch def begin} bind def -/FM {cvn exch cvn exch def} bind def -/FE {end /original-findfont /findfont load def /findfont - {dup FontMapDict exch known{FontMapDict exch get} if - original-findfont} def} bind def -/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def -/EC /grestore load def -/SH /show load def -/MX {exch show 0.0 rmoveto} bind def -/W {0 32 4 -1 roll widthshow} bind def -/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def -/RC {100.0 -100.0 scale -612.0 0.0 translate --90.0 rotate -.01 -.01 scale} bind def -/URC {100.0 -100.0 scale -90.0 rotate --612.0 0.0 translate -.01 -.01 scale} bind def -/RCC {100.0 -100.0 scale -0.0 -792.0 translate 90.0 rotate -.01 -.01 scale} bind def -/URCC {100.0 -100.0 scale --90.0 rotate 0.0 792.0 translate -.01 -.01 scale} bind def -%%EndProlog -%%Page: 0 1 -BS -0 SI -20 /Times-Bold AF -19324 13788 MT -(Kerberos Operation Notes)SH -27156 15798 MT -(DRAFT)SH -16 /Times-Roman AF -27021 23502 MT -(Bill Bryant)SH -27289 25150 MT -(John Kohl)SH -23957 26798 MT -(Project Athena, MIT)SH -/Times-Bold SF -19489 32396 MT -(Initial Release, January 24, 1989)SH -/Times-Italic SF -17558 34044 MT -(\050plus later patches through patchlevel 7\051)SH -11 /Times-Roman AF -7200 43798 MT -(These notes assume that you have used the)SH -/Times-Italic SF -26322 XM -(Kerberos Installation Notes)SH -/Times-Roman SF -38821 XM -(to build and install your Kerberos)SH -7200 44994 MT -(system. As) -275 W( in that document, we refer to the directory that contains the built Kerberos binaries as)SH -7200 46190 MT -([OBJ_DIR].)SH -7200 48488 MT -(This document assumes that you are a Unix system manager.)SH -ES -%%Page: 1 2 -BS -0 SI -16 /Times-Bold AF -7200 8272 MT -(1. How) -400 W( Kerberos Works: A Schematic Description)SH -11 /Times-Roman AF -7200 10467 MT -(This section provides a simplified description of a general user's interaction with the Kerberos system.)SH -7200 11663 MT -(This interaction happens transparently--users don't need to know and probably don't care about what's)SH -7200 12859 MT -(going on--but Kerberos administrators might find a schematic description of the process useful. The)SH -7200 14055 MT -(description glosses over a lot of details; for more information, see)SH -/Times-Italic SF -36404 XM -(Kerberos: An Authentication Service)SH -7200 15251 MT -(for Open Network Systems)SH -/Times-Roman SF -(, a paper presented at Winter USENIX 1988, in Dallas, Texas.)SH -14 /Times-Bold AF -7200 19069 MT -(1.1 Network) -350 W( Services and Their Client Programs)SH -11 /Times-Roman AF -7200 21264 MT -(In an environment that provides network services, you use)SH -/Times-Italic SF -33164 XM -(client)SH -/Times-Roman SF -35883 XM -(programs to request service from)SH -/Times-Italic SF -50696 XM -(server)SH -/Times-Roman SF -7200 22460 MT -(programs that are somewhere on the network. Suppose you have logged in to a workstation and you want)SH -7200 23656 MT -(to)SH -/Times-Italic SF -8331 XM -(rlogin)SH -/Times-Roman SF -11296 XM -(to another machine. You use the local)SH -/Times-Italic SF -28493 XM -(rlogin)SH -/Times-Roman SF -31458 XM -(client program to contact the remote machine's)SH -/Times-Italic SF -7200 24852 MT -(rlogin)SH -/Times-Roman SF -10165 XM -(service daemon.)SH -14 /Times-Bold AF -7200 28670 MT -(1.2 Kerberos) -350 W( Tickets)SH -11 /Times-Roman AF -7200 30865 MT -(Under Kerberos, the)SH -/Times-Italic SF -16422 XM -(rlogin)SH -/Times-Roman SF -19387 XM -(service program allows a client to login to a remote machine if it can provide)SH -7200 32061 MT -(a Kerberos)SH -/Times-Bold SF -12268 XM -(ticket)SH -/Times-Roman SF -15169 XM -(for the request. This ticket proves the identity of the person who has used the client)SH -7200 33257 MT -(program to access the server program.)SH -14 /Times-Bold AF -7200 37075 MT -(1.3 The) -350 W( Kerberos Master Database)SH -11 /Times-Roman AF -7200 39270 MT -(Kerberos will give you tickets only if you have an entry in the Kerberos server's)SH -/Times-Bold SF -42845 XM -(master database)SH -/Times-Roman SF -(. Your)275 W -7200 40466 MT -(database entry includes your Kerberos username \050often referred to as your Kerberos)SH -/Times-Bold SF -44394 XM -(principal)SH -/Times-Roman SF -48949 XM -(name\051, and)SH -7200 41662 MT -(your Kerberos password. Every Kerberos user must have an entry in this database.)SH -14 /Times-Bold AF -7200 45480 MT -(1.4 The) -350 W( Ticket-Granting Ticket)SH -11 /Times-Roman AF -7200 47675 MT -(The)SH -/Times-Italic SF -9185 XM -(kinit)SH -/Times-Roman SF -11416 XM -(command prompts for your Kerberos username and password, and if you enter them)SH -7200 48871 MT -(successfully, you will obtain a Kerberos)SH -/Times-Italic SF -25131 XM -(ticket-granting ticket)SH -/Times-Roman SF -(. As) -275 W( illustrated below, client programs use)SH -7200 50067 MT -(this ticket to get other Kerberos tickets as needed.)SH -14 /Times-Bold AF -7200 53885 MT -(1.5 Network) -350 W( Services and the Master Database)SH -11 /Times-Roman AF -7200 56080 MT -(The master database also contains entries for all network services that require Kerberos authentication.)SH -7200 57276 MT -(Suppose for instance that your site has a machine)SH -/Times-Italic SF -29163 XM -(laughter)SH -/Times-Roman SF -33166 XM -(that requires Kerberos authentication from)SH -7200 58472 MT -(anyone who wants to)SH -/Times-Italic SF -16792 XM -(rlogin)SH -/Times-Roman SF -19757 XM -(to it. This service must be registered in the master database. Its entry)SH -7200 59668 MT -(includes the service's principal name, and its)SH -/Times-Bold SF -27238 XM -(instance)SH -/Times-Roman SF -(.)SH -7200 61966 MT -(The)SH -/Times-Italic SF -9185 XM -(instance)SH -/Times-Roman SF -13126 XM -(is the name of the service's machine; in this case, the service's instance is the name)SH -/Times-Italic SF -7200 63162 MT -(laughter)SH -/Times-Roman SF -(. The) -275 W( instance provides a means for Kerberos to distinguish between machines that provide the)SH -7200 64358 MT -(same service. Your site is likely to have more than one machine that provides)SH -/Times-Italic SF -41840 XM -(rlogin)SH -/Times-Roman SF -44805 XM -(service.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(1)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 2 3 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(1.6 The) -350 W( User-Kerberos Interaction)SH -11 /Times-Roman AF -7200 10333 MT -(Suppose that you \050in the guise of a general user\051 walk up to a workstation intending to login to it, and)SH -7200 11529 MT -(then)SH -/Times-Italic SF -9369 XM -(rlogin)SH -/Times-Roman SF -12334 XM -(to the machine)SH -/Times-Italic SF -19085 XM -(laughter)SH -/Times-Roman SF -(. Here's) -275 W( what happens.)SH -9400 13480 MT -(1.)SH -10500 XM -(You login to the workstation and use the)SH -/Times-Italic SF -28648 XM -(kinit)SH -/Times-Roman SF -30879 XM -(command to to get a ticket-granting ticket.)SH -10500 14676 MT -(This command prompts you for your username \050your Kerberos Principal Name\051, and your)SH -10500 15872 MT -(Kerberos password [on some systems which use the new version of)SH -/Times-Italic SF -40465 XM -(/bin/login)SH -/Times-Roman SF -(, this may be)SH -10500 17068 MT -(done as part of the login process, not requiring the user to run a separate program].)SH -12762 19019 MT -(a.)SH -13800 XM -(The)SH -/Times-Italic SF -15785 XM -(kinit)SH -/Times-Roman SF -18016 XM -(command sends your request to the Kerberos master server machine. The)SH -13800 20215 MT -(server software looks for your principal name's entry in the Kerberos)SH -/Times-Bold SF -44555 XM -(master)SH -13800 21411 MT -(database)SH -/Times-Roman SF -(.)SH -12700 23305 MT -(b.)SH -13800 XM -(If this entry exists, the Kerberos server creates and returns a)SH -/Times-Italic SF -40430 XM -(ticket-granting ticket)SH -/Times-Roman SF -(,)SH -13800 24501 MT -(encrypted in your password. If)SH -/Times-Italic SF -27819 XM -(kinit)SH -/Times-Roman SF -30050 XM -(can decrypt the Kerberos reply using the)SH -13800 25697 MT -(password you provide, it stores this ticket in a)SH -/Times-Bold SF -34270 XM -(ticket file)SH -/Times-Roman SF -38912 XM -(on your local machine for)SH -13800 26893 MT -(later use. The ticket file to be used can be specified in the)SH -/Times-Bold SF -39609 XM -(KRBTKFILE)SH -/Times-Roman SF -13800 28089 MT -(environment variable. If this variable is not set, the name of the file will be)SH -/Times-Italic SF -13800 29285 MT -(/tmp/tkt)SH -/Times-BoldItalic SF -(uid)SH -/Times-Roman SF -(, where)SH -/Times-BoldItalic SF -22141 XM -(uid)SH -/Times-Roman SF -23884 XM -(is the UNIX user-id, represented in decimal.)SH -9400 31236 MT -(2.)SH -10500 XM -(Now you use the)SH -/Times-Italic SF -18198 XM -(rlogin)SH -/Times-Roman SF -21163 XM -(client to try to access the machine)SH -/Times-Italic SF -36344 XM -(laughter)SH -/Times-Roman SF -(.)SH -/Courier SF -11820 32813 MT -(host%)SH -/Times-Bold SF -15780 XM -(rlogin laughter)275 W -/Times-Roman SF -12762 34764 MT -(a.)SH -13800 XM -(The)SH -/Times-Italic SF -15785 XM -(rlogin)SH -/Times-Roman SF -18750 XM -(client checks your ticket file to see if you have a ticket for)SH -/Times-Italic SF -44559 XM -(laughter)SH -/Times-Roman SF -('s)SH -/Times-Italic SF -13800 35960 MT -(rcmd)SH -/Times-Roman SF -16335 XM -(service \050the rlogin program uses the)SH -/Times-Italic SF -32401 XM -(rcmd)SH -/Times-Roman SF -34936 XM -(service name, mostly for historical)SH -13800 37156 MT -(reasons\051. You) -275 W( don't, so)SH -/Times-Italic SF -24583 XM -(rlogin)SH -/Times-Roman SF -27548 XM -(uses the ticket file's)SH -/Times-Italic SF -36590 XM -(ticket-granting ticket)SH -/Times-Roman SF -46060 XM -(to make a)SH -13800 38352 MT -(request to the master server's ticket-granting service.)SH -12700 40246 MT -(b.)SH -13800 XM -(This ticket-granting service receives the)SH -/Times-Italic SF -31667 XM -(rcmd-laughter)SH -/Times-Roman SF -38296 XM -(request and looks in the)SH -13800 41442 MT -(master database for an)SH -/Times-Italic SF -23938 XM -(rcmd-laughter)SH -/Times-Roman SF -30567 XM -(entry. If) -275 W( that entry exists, the ticket-granting)SH -13800 42638 MT -(service issues you a ticket for that service. That ticket is also cached in your ticket)SH -13800 43834 MT -(file.)SH -12762 45728 MT -(c.)SH -13800 XM -(The)SH -/Times-Italic SF -15785 XM -(rlogin)SH -/Times-Roman SF -18750 XM -(client now uses that ticket to request service from the)SH -/Times-Italic SF -42454 XM -(laughter rlogin)SH -/Times-Roman SF -13800 46924 MT -(service program. The service program lets you)SH -/Times-Italic SF -34843 XM -(rlogin)SH -/Times-Roman SF -37808 XM -(if the ticket is valid.)SH -16 /Times-Bold AF -7200 51596 MT -(2. Setting) -400 W( Up and Testing the Kerberos Server)SH -11 /Times-Roman AF -7200 53791 MT -(The procedure for setting up and testing a Kerberos server is as follows:)SH -9400 55742 MT -(1.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kdb_init)SH -/Times-Roman SF -17985 XM -(command to create and initialize the master database.)SH -9400 57636 MT -(2.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kdb_edit)SH -/Times-Roman SF -18167 XM -(utility to add your username to the master database.)SH -9400 59530 MT -(3.)SH -10500 XM -(Start the Kerberos server.)SH -9400 61424 MT -(4.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kinit)SH -/Times-Roman SF -16335 XM -(command to obtain a Kerberos ticket-granting ticket.)SH -9400 63318 MT -(5.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(klist)SH -/Times-Roman SF -16213 XM -(command to verify that the)SH -/Times-Italic SF -28402 XM -(kinit)SH -/Times-Roman SF -30633 XM -(command authenticated you successfully.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(2)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 3 4 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(2.1 Creating) -350 W( and Initializing the Master Database)SH -11 /Times-Roman AF -7200 10333 MT -(Login to the Kerberos master server machine, and use the)SH -/Times-Bold SF -32825 XM -(su)SH -/Times-Roman SF -34140 XM -(command to become root. If you installed)SH -7200 11529 MT -(the Kerberos administration tools with the)SH -/Times-Italic SF -26020 XM -(make install)SH -/Times-Roman SF -31642 XM -(command and the default pathnames, they should)SH -7200 12725 MT -(be in the)SH -/Times-Italic SF -11263 XM -(/usr/etc)SH -/Times-Roman SF -14838 XM -(directory. If) -275 W( you installed the tools in a different directory, hopefully you know what it)SH -7200 13921 MT -(is. From) -275 W( now on, we will refer to this directory as [ADMIN_DIR].)SH -7200 16219 MT -(The)SH -/Times-Italic SF -9185 XM -(kdb_init)SH -/Times-Roman SF -13066 XM -(command creates and initializes the master database. It asks you to enter the system's realm)SH -7200 17415 MT -(name and the database's master password. Do not forget this password. If you do, the database becomes)SH -7200 18611 MT -(useless. \050Your) -275 W( realm name should be substituted for [REALMNAME] below.\051)SH -7200 20909 MT -(Use)SH -/Times-Italic SF -9185 XM -(kdb_init)SH -/Times-Roman SF -13066 XM -(as follows:)SH -/Courier SF -8520 22486 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kdb_init)SH -/Courier SF -8520 23600 MT -(Realm name \050default XXX\051:)SH -/Times-Bold SF -25680 XM -([REALMNAME])SH -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(Enter your system's realm name.)SH -/Courier SF -8520 24714 MT -(You will be prompted for the database Master Password.)SH -8520 25828 MT -(It is important that you NOT FORGET this password.)SH -8520 28056 MT -(Enter Kerberos master key:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the master password.)SH -14 /Times-Bold AF -7200 32988 MT -(2.2 Storing) -350 W( the Master Password)SH -11 /Times-Roman AF -7200 35183 MT -(The)SH -/Times-Italic SF -9185 XM -(kstash)SH -/Times-Roman SF -12210 XM -(command ``stashes'' the master password in the file)SH -/Times-Italic SF -35424 XM -(/.k)SH -/Times-Roman SF -36768 XM -(so that the Kerberos server can be)SH -7200 36379 MT -(started automatically during an unattended reboot of the master server. Other administrative programs)SH -7200 37575 MT -(use this hidden password so that they can access the master database without someone having to manually)SH -7200 38771 MT -(provide the master password. This command is an optional one; if you'd rather enter the master password)SH -7200 39967 MT -(each time you start the Kerberos server, don't use)SH -/Times-Italic SF -29312 XM -(kstash)SH -/Times-Roman SF -(.)SH -7200 42265 MT -(One the one hand, if you use)SH -/Times-Italic SF -20090 XM -(kstash)SH -/Times-Roman SF -(, a copy of the master key will reside on disk which may not be)SH -7200 43461 MT -(acceptable; on the other hand, if you don't use)SH -/Times-Italic SF -27848 XM -(kstash)SH -/Times-Roman SF -(, the server cannot be started unless someone is)SH -7200 44657 MT -(around to type the password in manually.)SH -7200 46955 MT -(The command prompts you twice for the master password:)SH -/Courier SF -8520 48532 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kstash)SH -/Courier SF -8520 50760 MT -(Enter Kerberos master key:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the master password.)SH -/Courier SF -8520 51874 MT -(Current Kerberos master key version is 1.)SH -8520 54102 MT -(Master key entered) -SH( BEWARE!)1320 W -/Times-Roman SF -7200 56400 MT -(A note about the Kerberos database master key: if your master key is compromised and the database is)SH -7200 57596 MT -(obtained, the security of your entire authentication system is compromised. The master key must be a)SH -7200 58792 MT -(carefully kept secret. If you keep backups, you must guard all the master keys you use, in case someone)SH -7200 59988 MT -(has stolen an old backup and wants to attack users' whose passwords haven't changed since the backup)SH -7200 61184 MT -(was stolen. This is why we provide the option not to store it on disk.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(3)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 4 5 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(2.3 Using)350 W -/Times-BoldItalic SF -13423 XM -(kdb_edit)SH -/Times-Bold SF -18673 XM -(to Add Users to the Master Database)SH -11 /Times-Roman AF -7200 10362 MT -(The)SH -/Times-Italic SF -9185 XM -(kdb_edit)SH -/Times-Roman SF -13248 XM -(program is used to add new users and services to the master database, and to modify)SH -7200 11558 MT -(existing database information. The program prompts you to enter a principal's)SH -/Times-Bold SF -42177 XM -(name)SH -/Times-Roman SF -45018 XM -(and)SH -/Times-Bold SF -46881 XM -(instance)SH -/Times-Roman SF -(.)SH -7200 13856 MT -(A principal name is typically a username or a service program's name. An instance further qualifies the)SH -7200 15052 MT -(principal. If) -275 W( the principal is a service, the instance is used to specify the name of the machine on which)SH -7200 16248 MT -(that service runs. If the principal is a username that has general user privileges, the instance is usually set)SH -7200 17444 MT -(to null.)SH -7200 19742 MT -(The following example shows how to use)SH -/Times-Italic SF -25805 XM -(kdb_edit)SH -/Times-Roman SF -29868 XM -(to add the user)SH -/Times-Italic SF -36588 XM -(wave)SH -/Times-Roman SF -39123 XM -(to the Kerberos database.)SH -/Courier SF -8520 21319 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kdb_edit)SH -/Courier SF -8520 23547 MT -(Opening database...)SH -8520 25775 MT -(Enter Kerberos master key:)SH -8520 26889 MT -(Verifying, please re-enter)SH -8520 28003 MT -(Enter Kerberos master key:)SH -8520 29117 MT -(Current Kerberos master key version is 1)SH -8520 31345 MT -(Master key entered. BEWARE!)SH -8520 32459 MT -(Previous or default values are in [brackets] ,)SH -8520 33573 MT -(enter return to leave the same, or new value.)SH -8520 35801 MT -(Principal name:)SH -/Times-Bold SF -19080 XM -(wave)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the username.)SH -/Courier SF -8520 36915 MT -(Instance:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter a null instance.)SH -/Courier SF -8520 39143 MT -(, Create [y] ?)SH -/Times-Bold SF -25680 XM -(y)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(The user-instance does not exist.)SH -30450 40257 MT -(Enter y to create the user-instance.)SH -/Courier SF -8520 41371 MT -(Principal: wave Instance: m_key_v: 1)SH -8520 42485 MT -(New Password:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter the user-instance's password.)SH -/Courier SF -8520 43599 MT -(Verifying, please re-enter)SH -8520 44713 MT -(New Password:)SH -8520 45827 MT -(Principal's new key version = 1)SH -8520 46941 MT -(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(Enter newlines)SH -/Courier SF -8520 48055 MT -(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(to get the)SH -/Courier SF -8520 49169 MT -(Attributes [ 0 ] ?)SH -/Times-Bold SF -30120 XM -(<--)SH -/Times-BoldItalic SF -32139 XM -(default values.)SH -/Courier SF -8520 50283 MT -(Edit O.K.)SH -8520 52511 MT -(Principal name:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter a newline to exit the program.)SH -/Times-Roman SF -7200 54809 MT -(Use the)SH -/Times-Italic SF -10804 XM -(kdb_edit)SH -/Times-Roman SF -14867 XM -(utility to add your username to the master database.)SH -14 /Times-Bold AF -7200 58627 MT -(2.4 Starting) -350 W( the Kerberos Server)SH -11 /Times-Roman AF -7200 60822 MT -(Change directories to the directory in which you have installed the server program)SH -/Times-Italic SF -43701 XM -(kerberos)SH -/Times-Roman SF -47824 XM -(\050the default)SH -7200 62018 MT -(directory is)SH -/Times-Italic SF -12454 XM -(/usr/etc)SH -/Times-Roman SF -(\051, and start the program as a background process:)SH -/Courier SF -8520 63595 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kerberos &)SH -/Times-Roman SF -7200 65190 MT -(If you have used the)SH -/Times-Italic SF -16393 XM -(kstash)SH -/Times-Roman SF -19418 XM -(command to store the master database password, the server will start)SH -7200 66386 MT -(automatically. If) -275 W( you did not use)SH -/Times-Italic SF -22048 XM -(kstash)SH -/Times-Roman SF -(, use the following command:)SH -/Courier SF -8520 67963 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kerberos -m)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(4)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 5 6 -BS -0 SI -11 /Times-Roman AF -7200 7955 MT -(The server will prompt you to enter the master password before actually starting itself.)SH -14 /Times-Bold AF -7200 11773 MT -(2.5 Testing) -350 W( the Kerberos Server)SH -11 /Times-Roman AF -7200 13968 MT -(Exit the root account and use the)SH -/Times-Italic SF -21893 XM -(kinit)SH -/Times-Roman SF -24124 XM -(command obtain a Kerberos ticket-granting ticket. This command)SH -7200 15164 MT -(creates your ticket file and stores the ticket-granting ticket in it.)SH -7200 17462 MT -(If you used the default)SH -/Times-Italic SF -17371 XM -(make install)SH -/Times-Roman SF -22993 XM -(command and directories to install the Kerberos user utilities,)SH -/Times-Italic SF -50365 XM -(kinit)SH -/Times-Roman SF -7200 18658 MT -(will be in the)SH -/Times-Italic SF -13250 XM -(/usr/athena)SH -/Times-Roman SF -18537 XM -(directory. From now on, we'll refer to the Kerberos user commands directory as)SH -7200 19854 MT -([K_USER].)SH -7200 22152 MT -(Use)SH -/Times-Italic SF -9185 XM -(kinit)SH -/Times-Roman SF -11416 XM -(as follows:)SH -/Courier SF -8520 23729 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kinit)SH -/Courier SF -8520 24843 MT -(MIT Project Athena, \050ariadne\051)SH -8520 25957 MT -(Kerberos Initialization)SH -8520 27071 MT -(Kerberos name:)SH -/Times-BoldItalic SF -18420 XM -(yourusername)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos username.)SH -/Courier SF -8520 28185 MT -(Password:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos password.)SH -/Times-Roman SF -7200 30483 MT -(Use the)SH -/Times-Italic SF -10804 XM -(klist)SH -/Times-Roman SF -12913 XM -(program to list the contents of your ticket file.)SH -/Courier SF -8520 32060 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/klist)SH -/Times-Roman SF -7200 33655 MT -(The command should display something like the following:)SH -/Courier SF -8520 35181 MT -(Ticket file:) -SH( /tmp/tkt5555)1980 W -8520 36295 MT -(Principal: yourusername at REALMNAME)3300 W -9840 38523 MT -(Issued Expires) -6600 W( Principal)5940 W -8520 39637 MT -(May 6) -660 W( 10:15:23 May 6 18:15:23 krbtgt.REALMNAME at REALMNAME)SH -/Times-Roman SF -7200 41935 MT -(If you have any problems, you can examine the log file)SH -/Times-Italic SF -31758 XM -(/kerberos/kerberos.log)SH -/Times-Roman SF -42022 XM -(on the Kerberos server)SH -7200 43131 MT -(machine to see if there was some sort of error.)SH -16 /Times-Bold AF -7200 47803 MT -(3. Setting) -400 W( up and testing the Administration server)SH -11 /Times-Roman AF -7200 49998 MT -(The procedure for setting up and testing the Kerberos administration server is as follows:)SH -9400 51949 MT -(1.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kdb_edit)SH -/Times-Roman SF -18167 XM -(utility to add your username with an administration instance to the master)SH -10500 53145 MT -(database.)SH -9400 55039 MT -(2.)SH -10500 XM -(Edit the access control lists for the administration server)SH -9400 56933 MT -(3.)SH -10500 XM -(Start the Kerberos administration server.)SH -9400 58827 MT -(4.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kpasswd)SH -/Times-Roman SF -18107 XM -(command to change your password.)SH -9400 60721 MT -(5.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kadmin)SH -/Times-Roman SF -17617 XM -(command to add new entries to the database.)SH -9400 62615 MT -(6.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kinit)SH -/Times-Roman SF -16335 XM -(command to verify that the)SH -/Times-Italic SF -28524 XM -(kadmin)SH -/Times-Roman SF -32037 XM -(command correctly added new entries to)SH -10500 63811 MT -(the database.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(5)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 6 7 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(3.1 Adding) -350 W( an administration instance for the administrator)SH -11 /Times-Roman AF -7200 10333 MT -(Login to the Kerberos master server machine, and use the)SH -/Times-Bold SF -32825 XM -(su)SH -/Times-Roman SF -34140 XM -(command to become root. Use the)SH -/Times-Italic SF -49780 XM -(kdb_edit)SH -/Times-Roman SF -7200 11529 MT -(program to create an entry for each administrator with the instance ``)SH -/Times-BoldItalic SF -(admin)SH -/Times-Roman SF -(''.)SH -/Courier SF -8520 13106 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kdb_edit)SH -/Courier SF -8520 15334 MT -(Opening database...)SH -8520 17562 MT -(Enter Kerberos master key:)SH -8520 18676 MT -(Verifying, please re-enter)SH -8520 19790 MT -(Enter Kerberos master key:)SH -8520 20904 MT -(Current Kerberos master key version is 1)SH -8520 23132 MT -(Master key entered. BEWARE!)SH -8520 24246 MT -(Previous or default values are in [brackets] ,)SH -8520 25360 MT -(enter return to leave the same, or new value.)SH -8520 27588 MT -(Principal name:)SH -/Times-Bold SF -19080 XM -(wave)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the username.)SH -/Courier SF -8520 28702 MT -(Instance:)SH -/Times-Bold SF -(admin)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter ``admin''.)SH -/Courier SF -8520 30930 MT -(, Create [y] ?)SH -/Times-Bold SF -25680 XM -(y)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(The user-instance does not exist.)SH -30450 32044 MT -(Enter y to create the user-instance.)SH -/Courier SF -8520 33158 MT -(Principal: wave Instance: admin m_key_v: 1)SH -8520 34272 MT -(New Password:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter the user-instance's password.)SH -/Courier SF -8520 35386 MT -(Verifying, please re-enter)SH -8520 36500 MT -(New Password:)SH -8520 37614 MT -(Principal's new key version = 1)SH -8520 38728 MT -(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(Enter newlines)SH -/Courier SF -8520 39842 MT -(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(to get the)SH -/Courier SF -8520 40956 MT -(Attributes [ 0 ] ?)SH -/Times-Bold SF -30120 XM -(<--)SH -/Times-BoldItalic SF -32139 XM -(default values.)SH -/Courier SF -8520 42070 MT -(Edit O.K.)SH -8520 44298 MT -(Principal name:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter a newline to exit the program.)SH -14 /Times-Bold AF -7200 48116 MT -(3.2 The) -350 W( Access Control Lists)SH -11 /Times-Roman AF -7200 50311 MT -(The Kerberos administration server uses three access control lists to determine who is authorized to make)SH -7200 51507 MT -(certain requests. The access control lists are stored on the master Kerberos server in the same directory as)SH -7200 52703 MT -(the principal database,)SH -/Times-Italic SF -17340 XM -(/kerberos)SH -/Times-Roman SF -(. The) -275 W( access control lists are simple ASCII text files, with each line)SH -7200 53899 MT -(specifying the name of one principal who is allowed the particular function. To allow several people to)SH -7200 55095 MT -(perform the same function, put their principal names on separate lines in the same file.)SH -7200 57393 MT -(The first list,)SH -/Times-Italic SF -13128 XM -(/kerberos/admin_acl.mod)SH -/Times-Roman SF -(, is a list of principals which are authorized to change entries in the)SH -7200 58589 MT -(database. To) -275 W( allow the administrator `)SH -/Times-Bold SF -(wave)SH -/Times-Roman SF -(' to modify entries in the database for the realm `)SH -/Times-Bold SF -(TIM.EDU)SH -/Times-Roman SF -(',)SH -7200 59785 MT -(you would put the following line into the file)SH -/Times-Italic SF -27275 XM -(/kerberos/admin_acl.mod)SH -/Times-Roman SF -(:)SH -/Courier SF -8520 61311 MT -(wave.admin at TIM.EDU)SH -/Times-Roman SF -7200 63609 MT -(The second list,)SH -/Times-Italic SF -14410 XM -(/kerberos/admin_acl.get)SH -/Times-Roman SF -(, is a list of principals which are authorized to retrieve entries)SH -7200 64805 MT -(from the database.)SH -7200 67103 MT -(The third list,)SH -/Times-Italic SF -13434 XM -(/kerberos/admin_acl.add)SH -/Times-Roman SF -(, is a list of principals which are authorized to add new entries to)SH -7200 68299 MT -(the database.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(6)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 7 8 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(3.3 Starting) -350 W( the administration server)SH -11 /Times-Roman AF -7200 10333 MT -(Change directories to the directory in which you have installed the administration server program)SH -/Times-Italic SF -7200 11529 MT -(kadmind)SH -/Times-Roman SF -11263 XM -(\050the default directory is)SH -/Times-Italic SF -21831 XM -(/usr/etc)SH -/Times-Roman SF -(\051, and start the program as a background process:)SH -/Courier SF -8520 13106 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kadmind -n&)SH -/Times-Roman SF -7200 14701 MT -(If you have used the)SH -/Times-Italic SF -16393 XM -(kstash)SH -/Times-Roman SF -19418 XM -(command to store the master database password, the server will start)SH -7200 15897 MT -(automatically. If) -275 W( you did not use)SH -/Times-Italic SF -22048 XM -(kstash)SH -/Times-Roman SF -(, use the following command:)SH -/Courier SF -8520 17474 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kadmind)SH -/Times-Roman SF -7200 19069 MT -(The server will prompt you to enter the master password before actually starting itself; after it starts, you)SH -7200 20265 MT -(should suspend it and put it in the background \050usually this is done by typing control-Z and then)SH -/Times-Bold SF -49792 XM -(bg)SH -/Times-Roman SF -(\051.)SH -14 /Times-Bold AF -7200 24112 MT -(3.4 Testing)350 W -/Times-BoldItalic SF -14434 XM -(kpasswd)SH -11 /Times-Roman AF -7200 26307 MT -(To test the administration server, you should try changing your password with the)SH -/Times-Italic SF -43494 XM -(kpasswd)SH -/Times-Roman SF -47497 XM -(command, and)SH -7200 27503 MT -(you should try adding new users with the)SH -/Times-Italic SF -25592 XM -(kadmin)SH -/Times-Roman SF -29105 XM -(command \050both commands are installed into)SH -/Times-Italic SF -48963 XM -(/usr/athena)SH -/Times-Roman SF -7200 28699 MT -(by default\051.)SH -7200 30997 MT -(Before testing, you should exit the root account.)SH -7200 33295 MT -(To change your password, run the)SH -/Times-Italic SF -22441 XM -(kpasswd)SH -/Times-Roman SF -26444 XM -(command:)SH -/Courier SF -8520 34872 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kpasswd)SH -/Courier SF -8520 35986 MT -(Old password for wave at TIM.EDU:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(Enter your password)SH -/Courier SF -8520 37100 MT -(New Password for wave at TIM.EDU:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(Enter a new password)SH -/Courier SF -8520 38214 MT -(Verifying, please re-enter New Password for wave at TIM.EDU:)SH -/Times-Bold SF -28800 39328 MT -(<--)SH -/Times-BoldItalic SF -(Enter new password again)SH -/Courier SF -8520 40442 MT -(Password changed.)SH -/Times-Roman SF -7200 42037 MT -(Once you have changed your password, use the)SH -/Times-Italic SF -28365 XM -(kinit)SH -/Times-Roman SF -30596 XM -(program as shown above to verify that the password)SH -7200 43233 MT -(was properly changed.)SH -14 /Times-Bold AF -7200 47080 MT -(3.5 Testing)350 W -/Times-BoldItalic SF -14434 XM -(kadmin)SH -11 /Times-Roman AF -7200 49275 MT -(You should also test the function of the)SH -/Times-Italic SF -24798 XM -(kadmin)SH -/Times-Roman SF -28311 XM -(program, by adding a new user \050here named)SH -7200 50471 MT -(``)SH -/Courier SF -(username)SH -/Times-Roman SF -(''\051:)SH -/Courier SF -8520 52048 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kadmin)SH -/Courier SF -8520 53162 MT -(Welcome to the Kerberos Administration Program, version 2)SH -8520 54276 MT -(Type "help" if you need it.)SH -8520 55390 MT -(admin:)SH -/Times-Bold SF -13800 XM -(ank username)SH -/Times-BoldItalic SF -28800 XM -(`ank' stands for Add New Key)SH -/Courier SF -8520 56504 MT -(Admin password:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(enter the password)SH -28800 57618 MT -(you chose above for wave.admin)SH -/Courier SF -8520 58732 MT -(Password for username:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(Enter the user's initial password)SH -/Courier SF -8520 59846 MT -(Verifying, please re-enter Password for username:)SH -/Times-Bold SF -40920 XM -(<--)SH -/Times-BoldItalic SF -(enter it again)SH -/Courier SF -8520 60960 MT -(username added to database.)SH -8520 63188 MT -(admin: quit)660 W -8520 64302 MT -(Cleaning up and exiting.)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(7)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 8 9 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(3.6 Verifying) -350 W( with)SH -/Times-BoldItalic SF -18671 XM -(kinit)SH -11 /Times-Roman AF -7200 10362 MT -(Once you've added a new user, you should test to make sure it was added properly by using)SH -/Times-Italic SF -47917 XM -(kinit)SH -/Times-Roman SF -(, and)SH -7200 11558 MT -(trying to get tickets for that user:)SH -/Courier SF -8520 13135 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kinit username)SH -/Courier SF -8520 14249 MT -(MIT Project Athena \050ariadne\051)SH -8520 15363 MT -(Kerberos Initialization for "username at TIM.EDU")SH -8520 16477 MT -(Password:)SH -/Times-Bold SF -15120 XM -(<--)SH -/Times-BoldItalic SF -(Enter the user's password you used above)SH -/Courier SF -8520 17591 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/klist)SH -/Courier SF -8520 18705 MT -(Ticket file:) -SH( /tmp/tkt_5509_spare1)1980 W -8520 19819 MT -(Principal: username at TIM.MIT.EDU)3300 W -9840 22047 MT -(Issued Expires) -6600 W( Principal)5940 W -8520 23161 MT -(Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU at TIM.EDU)SH -/Times-Roman SF -7200 25459 MT -(If you have any problems, you can examine the log files)SH -/Times-Italic SF -32186 XM -(/kerberos/kerberos.log)SH -/Times-Roman SF -42450 XM -(and)SH -/Times-Italic SF -7200 26655 MT -(/kerberos/admin_server.syslog)SH -/Times-Roman SF -21008 XM -(on the Kerberos server machine to see if there was some sort of error.)SH -16 /Times-Bold AF -7200 31327 MT -(4. Setting) -400 W( up and testing slave server\050s\051)SH -11 /Times-Roman AF -7200 33522 MT -([Unfortunately, this chapter is not yet ready. Sorry. -ed])SH -16 /Times-Bold AF -7200 38194 MT -(5. A) -400 W( Sample Application)SH -11 /Times-Roman AF -7200 40389 MT -(This release of Kerberos comes with a sample application server and a corresponding client program.)SH -7200 41585 MT -(You will find this software in the [OBJ_DIR])SH -/Times-Italic SF -(/appl/sample)SH -/Times-Roman SF -33170 XM -(directory. The) -275 W( file)SH -/Times-Italic SF -41691 XM -(sample_client)SH -/Times-Roman SF -48076 XM -(contains the)SH -7200 42781 MT -(client program's executable code, the file)SH -/Times-Italic SF -25677 XM -(sample_server)SH -/Times-Roman SF -32366 XM -(contains the server's executable.)SH -7200 45079 MT -(The programs are rudimentary. When they have been installed \050the installation procedure is described in)SH -7200 46275 MT -(detail later\051, they work as follows:)SH -/Symbol SF -9169 48351 MT -(\267)SH -/Times-Roman SF -9950 XM -(The user starts)SH -/Times-Italic SF -16639 XM -(sample_client)SH -/Times-Roman SF -23024 XM -(and provides as arguments to the command the name of the)SH -9950 49547 MT -(server machine and a checksum. For instance:)SH -/Courier SF -11270 51147 MT -(host%)SH -/Times-Bold SF -15230 XM -(sample_client)SH -/Times-BoldItalic SF -22966 XM -(servername 43)385 W -/Symbol SF -9169 53041 MT -(\267)SH -/Times-Italic SF -9950 XM -(Sample_client)SH -/Times-Roman SF -16457 XM -(contacts the server machine and authenticates the user to)SH -/Times-Italic SF -41654 XM -(sample_server)SH -/Times-Roman SF -(.)SH -/Symbol SF -9169 54935 MT -(\267)SH -/Times-Italic SF -9950 XM -(Sample_server)SH -/Times-Roman SF -16761 XM -(authenticates itself to)SH -/Times-Italic SF -26384 XM -(sample_client)SH -/Times-Roman SF -(, then returns a message to the client)SH -9950 56131 MT -(program. This) -275 W( message contains diagnostic information that includes the user's username,)SH -9950 57327 MT -(the Kerberos realm, and the user's workstation address.)SH -/Symbol SF -9169 59221 MT -(\267)SH -/Times-Italic SF -9950 XM -(Sample_client)SH -/Times-Roman SF -16457 XM -(displays the server's message on the user's terminal screen.)SH -14 /Times-Bold AF -7200 63039 MT -(5.1 The) -350 W( Installation Process)SH -11 /Times-Roman AF -7200 65234 MT -(In general, you use the following procedure to install a Kerberos-authenticated server-client system.)SH -9400 67185 MT -(1.)SH -10500 XM -(Add the appropriate entry to the Kerberos database using)SH -/Times-Italic SF -35881 XM -(kdb_edit)SH -/Times-Roman SF -39944 XM -(or)SH -/Times-Italic SF -41135 XM -(kadmin)SH -/Times-Roman SF -44648 XM -(\050described)SH -10500 68381 MT -(below\051.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(8)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 9 10 -BS -0 SI -11 /Times-Roman AF -9400 7955 MT -(2.)SH -10500 XM -(Create a)SH -/Times-Italic SF -14408 XM -(/etc/srvtab)SH -/Times-Roman SF -19327 XM -(file for the server machine.)SH -9400 9849 MT -(3.)SH -10500 XM -(Install the service program and the)SH -/Times-Italic SF -26016 XM -(/etc/srvtab)SH -/Times-Roman SF -30935 XM -(file on the server machine.)SH -9400 11743 MT -(4.)SH -10500 XM -(Install the client program on the client machine.)SH -9400 13637 MT -(5.)SH -10500 XM -(Update the)SH -/Times-Italic SF -15570 XM -(/etc/services)SH -/Times-Roman SF -21281 XM -(file on the client and server machines.)SH -7200 15935 MT -(We will use the sample application as an example, although the procedure used to install)SH -/Times-Italic SF -46484 XM -(sample_server)SH -/Times-Roman SF -7200 17131 MT -(differs slightly from the general case because the)SH -/Times-Italic SF -29006 XM -(sample_server)SH -/Times-Roman SF -35695 XM -(takes requests via the)SH -/Times-Italic SF -45347 XM -(inetd)SH -/Times-Roman SF -47822 XM -(program.)SH -/Times-Italic SF -7200 18327 MT -(Inetd)SH -/Times-Roman SF -9735 XM -(starts)SH -/Times-Italic SF -12332 XM -(sample_server)SH -/Times-Roman SF -19021 XM -(each time a client process contacts the server machine.)SH -/Times-Italic SF -43606 XM -(Sample_server)SH -/Times-Roman SF -7200 19523 MT -(processes the request, terminiates, then is restarted when)SH -/Times-Italic SF -32368 XM -(inetd)SH -/Times-Roman SF -34843 XM -(receives another)SH -/Times-Italic SF -42293 XM -(sample_client)SH -/Times-Roman SF -48678 XM -(request.)SH -7200 20719 MT -(When you install the program on the server, you must add a)SH -/Times-Italic SF -33807 XM -(sample)SH -/Times-Roman SF -37198 XM -(entry to the server machine's)SH -/Times-Italic SF -7200 21915 MT -(/etc/inetd.conf)SH -/Times-Roman SF -13738 XM -(file.)SH -7200 24213 MT -(The following description assumes that you are installing)SH -/Times-Italic SF -32680 XM -(sample_server)SH -/Times-Roman SF -39369 XM -(on the machine)SH -/Times-Italic SF -46364 XM -(ariadne.tim.edu)SH -/Times-Roman SF -(.)SH -7200 25409 MT -(Here's the process, step by step:)SH -9400 27360 MT -(1.)SH -10500 XM -(Login as or)SH -/Times-Italic SF -15785 XM -(su)SH -/Times-Roman SF -17038 XM -(to root on the Kerberos server machine. Use the)SH -/Times-Italic SF -38631 XM -(kdb_edit)SH -/Times-Roman SF -42694 XM -(or)SH -/Times-Italic SF -43885 XM -(kadmin)SH -/Times-Roman SF -47398 XM -(program)SH -10500 28556 MT -(to create an entry for)SH -/Times-Italic SF -19935 XM -(sample)SH -/Times-Roman SF -23326 XM -(in the Kerberos database:)SH -/Courier SF -11820 30133 MT -(host#)SH -/Times-Bold SF -15780 XM -([ADMIN_DIR]/kdb_edit)SH -/Courier SF -11820 32361 MT -(Opening database...)SH -11820 34589 MT -(Enter Kerberos master key:)SH -11820 35703 MT -(Verifying, please re-enter)SH -11820 36817 MT -(master key entered. BEWARE!)SH -11820 37931 MT -(Previous or default values are in [brackets] ,)SH -11820 39045 MT -(enter return to leave the same, or new value.)SH -11820 41273 MT -(Principal name:)SH -/Times-Bold SF -22380 XM -(sample)SH -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter the principal name.)SH -/Courier SF -11820 42387 MT -(Instance:)SH -/Times-Bold SF -18420 XM -(ariadne)SH -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Instances cannot have periods in them.)SH -/Courier SF -11820 44615 MT -(, Create [y] ?)SH -/Times-Bold SF -28980 XM -(y)SH -/Courier SF -11820 46843 MT -(Principal: sample_server Instance: ariadne m_key_v: 1)SH -11820 47957 MT -(New Password:)SH -/Times-Bold SF -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter ``RANDOM'' to get random password.)SH -/Courier SF -11820 49071 MT -(Verifying, please re-enter)SH -11820 50185 MT -(New Password:)SH -/Times-Bold SF -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter ``RANDOM'' again.)SH -/Courier SF -11820 51299 MT -(Random password [y] ?)SH -/Times-Bold SF -26340 XM -(y)SH -/Courier SF -11820 53527 MT -(Principal's new key version = 1)SH -11820 54641 MT -(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH -11820 55755 MT -(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH -11820 56869 MT -(Attributes [ 0 ] ?)SH -11820 57983 MT -(Edit O.K.)SH -11820 60211 MT -(Principal name:)SH -/Times-Bold SF -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter newline to exit kdb_edit.)SH -/Times-Roman SF -9400 62105 MT -(2.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(ext_srvtab)SH -/Times-Roman SF -18961 XM -(program to create a)SH -/Times-Italic SF -27755 XM -(srvtab)SH -/Times-Roman SF -30780 XM -(file for)SH -/Times-Italic SF -34078 XM -(sample_server)SH -/Times-Roman SF -('s host machine:)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(9)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 10 11 -BS -0 SI -11 /Courier AF -11820 7937 MT -(host#)SH -/Times-Bold SF -15780 XM -([ADMIN_DIR]/ext_srvtab ariadne)275 W -/Courier SF -11820 10165 MT -(Enter Kerberos master key:)SH -11820 11279 MT -(Current Kerberos master key version is 1.)SH -11820 13507 MT -(Generating 'ariadne-new-srvtab'....)SH -/Times-Roman SF -10500 15102 MT -(Transfer the)SH -/Times-Italic SF -16118 XM -(ariadne-new-srvtab)SH -/Times-Roman SF -25069 XM -(file to)SH -/Times-Italic SF -27941 XM -(ariadne)SH -/Times-Roman SF -31638 XM -(and install it as)SH -/Times-Italic SF -38544 XM -(/etc/srvtab)SH -/Times-Roman SF -(. Note) -275 W( that this)SH -10500 16298 MT -(file is equivalent to the service's password and should be treated with care. For example, it)SH -10500 17494 MT -(could be transferred by removable media, but should not be sent over an open network in)SH -10500 18690 MT -(the clear. Once installed, this file should be readable only by root.)SH -9400 20584 MT -(3.)SH -10500 XM -(Add the following line to the)SH -/Times-Italic SF -23516 XM -(/etc/services)SH -/Times-Roman SF -29227 XM -(file on)SH -/Times-Italic SF -32343 XM -(ariadne)SH -/Times-Roman SF -(, and on all machines that will run)SH -10500 21780 MT -(the)SH -/Times-Italic SF -12119 XM -(sample_client)SH -/Times-Roman SF -18504 XM -(program:)SH -/Courier SF -11820 23306 MT -(sample 906/tcp) -2640 W( #) -3960 W( Kerberos sample app server)SH -/Times-Roman SF -9400 25200 MT -(4.)SH -10500 XM -(Add a line similar to the following line to the)SH -/Times-Italic SF -30666 XM -(/etc/inetd.conf)SH -/Times-Roman SF -37204 XM -(file on)SH -/Times-Italic SF -40320 XM -(sample_server)SH -/Times-Roman SF -('s)SH -10500 26396 MT -(machine:)SH -/Courier SF -11820 27922 MT -(sample stream tcp nowait switched root)1320 W -14460 29036 MT -([PATH]/sample_server sample_server)SH -/Times-Roman SF -10500 30631 MT -(where [PATH] should be substituted with the path to the)SH -/Times-Italic SF -35674 XM -(sample_server)SH -/Times-Roman SF -42363 XM -(program. \050This)275 W -/Times-Italic SF -10500 31827 MT -(inetd.conf)SH -/Times-Roman SF -15144 XM -(information should be placed on one line.\051 You should examine existing lines in)SH -/Times-Italic SF -10500 33023 MT -(/etc/inetd.conf)SH -/Times-Roman SF -17038 XM -(and use the same format used by other entries \050e.g. for telnet\051. Most systems)SH -10500 34219 MT -(do not have a column for the `switched' keyword, and some do not have a column for the)SH -10500 35415 MT -(username \050usually `root', as above\051.)SH -9400 37309 MT -(5.)SH -10500 XM -(Restart)SH -/Times-Italic SF -13891 XM -(inetd)SH -/Times-Roman SF -16366 XM -(by sending the current)SH -/Times-Italic SF -26446 XM -(inetd)SH -/Times-Roman SF -28921 XM -(process a hangup signal:)SH -/Courier SF -11820 38909 MT -(host#)SH -/Times-Bold SF -15780 XM -(kill -HUP)275 W -/Times-BoldItalic SF -21373 XM -(process_id_number)SH -/Times-Roman SF -9400 40803 MT -(6.)SH -10500 XM -(The)SH -/Times-Italic SF -12485 XM -(sample_server)SH -/Times-Roman SF -19174 XM -(is now ready to take)SH -/Times-Italic SF -28307 XM -(sample_client)SH -/Times-Roman SF -34692 XM -(requests.)SH -14 /Times-Bold AF -7200 44621 MT -(5.2 Testing) -350 W( the Sample Server)SH -11 /Times-Roman AF -7200 46816 MT -(Assume that you have installed)SH -/Times-Italic SF -21223 XM -(sample_server)SH -/Times-Roman SF -27912 XM -(on)SH -/Times-Italic SF -29287 XM -(ariadne)SH -/Times-Roman SF -(.)SH -7200 49114 MT -(Login to your workstation and use the)SH -/Times-Italic SF -24217 XM -(kinit)SH -/Times-Roman SF -26448 XM -(command to obtain a Kerberos ticket-granting ticket:)SH -/Courier SF -8520 50691 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kinit)SH -/Courier SF -8520 51805 MT -(MIT Project Athena, \050your_workstation\051)SH -8520 52919 MT -(Kerberos Initialization)SH -8520 54033 MT -(Kerberos name:)SH -/Times-BoldItalic SF -18420 XM -(yourusername)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos username.)SH -/Courier SF -8520 55147 MT -(Password:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos password.)SH -/Times-Roman SF -7200 57445 MT -(Now use the)SH -/Times-Italic SF -12973 XM -(sample_client)SH -/Times-Roman SF -19358 XM -(program as follows:)SH -/Courier SF -8520 59022 MT -(host%)SH -/Times-Bold SF -12480 XM -([PATH]/sample_client ariadne)275 W -/Times-Roman SF -7200 60617 MT -(The command should display something like the following:)SH -/Courier SF -8520 62143 MT -(The server says:)SH -8520 63257 MT -(You are)SH -/Times-BoldItalic SF -13800 XM -(yourusername)SH -/Courier SF -(. at REALMNAME \050local name)SH -/Times-BoldItalic SF -36180 XM -(yourusername)SH -/Courier SF -(\051,)SH -9180 64371 MT -(at address)SH -/Times-BoldItalic SF -16440 XM -(yournetaddress)SH -/Courier SF -(, version VERSION9, cksum 997)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30100 XM -(10)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 11 12 -BS -0 SI -16 /Times-Bold AF -7200 8272 MT -(6. Service) -400 W( names and other services)SH -14 SS -7200 12090 MT -(6.1 rlogin,) -350 W( rsh, rcp, tftp, and others)SH -11 /Times-Roman AF -7200 14285 MT -(Many services use a common principal name for authentication purposes.)SH -/Times-Italic SF -40128 XM -(rlogin)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -43368 XM -(rsh)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -45324 XM -(rcp)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -47340 XM -(tftp)SH -/Times-Roman SF -49083 XM -(and others)SH -7200 15481 MT -(use the principal name ``)SH -/Courier SF -(rcmd)SH -/Times-Roman SF -(''. For) -275 W( example, to set up the machine)SH -/Times-Italic SF -38033 XM -(ariadne)SH -/Times-Roman SF -41730 XM -(to support Kerberos rlogin,)SH -7200 16677 MT -(it needs to have a service key for principal ``)SH -/Courier SF -(rcmd)SH -/Times-Roman SF -('', instance ``)SH -/Courier SF -(ariadne)SH -/Times-Roman SF -(''. You) -275 W( create this key in the)SH -7200 17873 MT -(same way as shown above for the sample service.)SH -7200 20171 MT -(After creating this key, you need to run the)SH -/Times-Italic SF -26382 XM -(ext_srvtab)SH -/Times-Roman SF -31239 XM -(program again to generate a new srvtab file for)SH -7200 21367 MT -(ariadne.)SH -14 /Times-Bold AF -7200 25185 MT -(6.2 NFS) -350 W( modifications)SH -11 /Times-Roman AF -7200 27380 MT -(The NFS modifications distributed separately use the service name ``)SH -/Courier SF -(rvdsrv)SH -/Times-Roman SF -('' with the instance set to)SH -7200 28576 MT -(the machine name \050as for the sample server and the rlogin, rsh, rcp and tftp services\051.)SH -14 /Times-Bold AF -7200 32394 MT -(6.3 inetd.conf) -350 W( entries)SH -11 /Times-Roman AF -7200 34589 MT -(The following are the)SH -/Times-Italic SF -16974 XM -(/etc/inetd.conf)SH -/Times-Roman SF -23512 XM -(entries necessary to support rlogin, encrypted rlogin, rsh, and rcp)SH -7200 35785 MT -(services on a server machine. As above, your)SH -/Times-Italic SF -27631 XM -(inetd.conf)SH -/Times-Roman SF -32275 XM -(may not support all the fields shown here.)SH -/Courier SF -8520 37311 MT -(eklogin stream) -660 W( tcp nowait unswitched root)1320 W -11160 38425 MT -([PATH]/klogind eklogind)1320 W -8520 39539 MT -(kshell stream tcp nowait unswitched root)1320 W -11160 40653 MT -([PATH]/kshd kshd)1320 W -8520 41767 MT -(klogin stream tcp nowait unswitched root)1320 W -11160 42881 MT -([PATH]/klogind klogind)1320 W -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30100 XM -(11)SH -47890 XM -(4 January 1990)SH -ES -%%Page: i 13 -BS -0 SI -14 /Times-Bold AF -25272 8138 MT -(Table of Contents)SH -13 SS -7200 9781 MT -(1. How) -325 W( Kerberos Works: A Schematic Description)SH -53350 XM -(1)SH -12 /Times-Roman AF -9000 11130 MT -(1.1 Network) -300 W( Services and Their Client Programs)SH -53400 XM -(1)SH -9000 12479 MT -(1.2 Kerberos) -300 W( Tickets)SH -53400 XM -(1)SH -9000 13828 MT -(1.3 The) -300 W( Kerberos Master Database)SH -53400 XM -(1)SH -9000 15177 MT -(1.4 The) -300 W( Ticket-Granting Ticket)SH -53400 XM -(1)SH -9000 16526 MT -(1.5 Network) -300 W( Services and the Master Database)SH -53400 XM -(1)SH -9000 17875 MT -(1.6 The) -300 W( User-Kerberos Interaction)SH -53400 XM -(2)SH -13 /Times-Bold AF -7200 19518 MT -(2. Setting) -325 W( Up and Testing the Kerberos Server)SH -53350 XM -(2)SH -12 /Times-Roman AF -9000 20867 MT -(2.1 Creating) -300 W( and Initializing the Master Database)SH -53400 XM -(3)SH -9000 22216 MT -(2.2 Storing) -300 W( the Master Password)SH -53400 XM -(3)SH -9000 23571 MT -(2.3 Using)300 W -/Times-BoldItalic SF -14267 XM -(kdb_edit)SH -/Times-Roman SF -18768 XM -(to Add Users to the Master Database)SH -53400 XM -(4)SH -9000 24920 MT -(2.4 Starting) -300 W( the Kerberos Server)SH -53400 XM -(4)SH -9000 26269 MT -(2.5 Testing) -300 W( the Kerberos Server)SH -53400 XM -(5)SH -13 /Times-Bold AF -7200 27912 MT -(3. Setting) -325 W( up and testing the Administration server)SH -53350 XM -(5)SH -12 /Times-Roman AF -9000 29261 MT -(3.1 Adding) -300 W( an administration instance for the administrator)SH -53400 XM -(6)SH -9000 30610 MT -(3.2 The) -300 W( Access Control Lists)SH -53400 XM -(6)SH -9000 31959 MT -(3.3 Starting) -300 W( the administration server)SH -53400 XM -(7)SH -9000 33314 MT -(3.4 Testing)300 W -/Times-BoldItalic SF -15001 XM -(kpasswd)SH -/Times-Roman SF -53400 XM -(7)SH -9000 34669 MT -(3.5 Testing)300 W -/Times-BoldItalic SF -15001 XM -(kadmin)SH -/Times-Roman SF -53400 XM -(7)SH -9000 36024 MT -(3.6 Verifying) -300 W( with)SH -/Times-BoldItalic SF -18501 XM -(kinit)SH -/Times-Roman SF -53400 XM -(8)SH -13 /Times-Bold AF -7200 37667 MT -(4. Setting) -325 W( up and testing slave server\050s\051)SH -53350 XM -(8)SH -7200 39310 MT -(5. A) -325 W( Sample Application)SH -53350 XM -(8)SH -12 /Times-Roman AF -9000 40659 MT -(5.1 The) -300 W( Installation Process)SH -53400 XM -(8)SH -9000 42008 MT -(5.2 Testing) -300 W( the Sample Server)SH -52800 XM -(10)SH -13 /Times-Bold AF -7200 43651 MT -(6. Service) -325 W( names and other services)SH -52700 XM -(11)SH -12 /Times-Roman AF -9000 45000 MT -(6.1 rlogin,) -300 W( rsh, rcp, tftp, and others)SH -52800 XM -(11)SH -9000 46349 MT -(6.2 NFS) -300 W( modifications)SH -52800 XM -(11)SH -9000 47698 MT -(6.3 inetd.conf) -300 W( entries)SH -52800 XM -(11)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30461 XM -(i)SH -47890 XM -(4 January 1990)SH -ES -%%Trailer -%%Pages: 13 -%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol Deleted: branches/mskrb-integ/doc/old-V4-docs/operation.mss =================================================================== --- branches/mskrb-integ/doc/old-V4-docs/operation.mss 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/doc/old-V4-docs/operation.mss 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,799 +0,0 @@ - at Comment[ $Source$] - at Comment[ $Author$] - at Comment[ $Id$] - at Comment[] - at device[postscript] - at make[report] - at comment[ - at DefineFont(HeadingFont, - P=, - B=, - I=, - R=) -] - at DefineFont(HeadingFont, - P=, - B=, - I=, - R=) - at Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I], - IncrementedBy Use,Announced) - at Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ], - IncrementedBy Use,Referenced [@1],Announced) - at Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ], - IncrementedBy,Referenced [@A],Announced,Alias Chapter) - at Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias - Chapter) - at Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2, - Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy - Use,Announced) - at Counter(AppendixSection,Within Appendix,TitleEnv HD2, - ContentsEnv tc2, - Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy - Use,Announced) - at Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3, - Numbered [@#@:. at 1 ],IncrementedBy Use, - Referenced [@#@:. at 1 ]) - at Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3, - ContentsEnv tc3, - Numbered [@#@:. at 1 ],IncrementedBy Use, - Referenced [@#@:. at 1 ]) - at Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4, - Numbered [@#@:. at 1 ],Referenced [@#@:. at 1], - IncrementedBy Use) - at modify(CopyrightNotice, Fixed -1 inch, Flushright) - at Modify(Titlebox, Fixed 3.0 inches) - at Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off) - at Modify(hd2, below .2 inch, facecode B, size 14, spaces kept) - at Modify(hd3, below .2 inch, facecode B, size 12, spaces kept) - at Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line) - at Modify(Tc1, Above .5, Facecode B) - at Modify(Tc2, Above .25, Below .25, Facecode R) - at Modify(Tc3,Facecode R) - at Modify(Tc4,Facecode R) - at Modify(Itemize,Above 1line,Below 1line) - at Modify(Insert,LeftMargin +2, RightMargin +2) - at libraryfile[stable] - at comment[@Style(Font NewCenturySchoolBook, size 11)] - at Style(Font TimesRoman, size 11) - at Style(Spacing 1.1, indent 0) - at Style(leftmargin 1.0inch) - at Style(justification no) - at Style(BottomMargin 1.5inch) - at Style(ChangeBarLocation Right) - at Style(ChangeBars=off) - at pageheading[immediate] - at pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)", -right = "@value(date)"] - at set[page = 0] - at blankspace[.5 inches] - at begin[group, size 20] - at begin(center) - at b[Kerberos Operation Notes] - at b[DRAFT] - at end[center] - at blankspace[.5 inches] - at end(group) - at begin[group, size 16] - at begin(center) -Bill Bryant -John Kohl -Project Athena, MIT - at blankspace[.5 inches] - at b[Initial Release, January 24, 1989] - at i[(plus later patches through patchlevel 7)] - at end[center] - at end(group) - at begin[group, size 10] - at end[group] - at blankspace[1inches] - -These notes assume that you have used the - at i[Kerberos Installation Notes] to build and install your -Kerberos system. -As in that document, we refer to the directory that contains -the built Kerberos binaries as [OBJ_DIR]. - -This document assumes that you are a Unix system manager. - - at newpage() - at chapter[How Kerberos Works: A Schematic Description] - -This section provides a simplified description of -a general user's interaction with the Kerberos system. -This interaction happens transparently--users don't need to know -and probably don't care about what's going on--but Kerberos administrators -might find a schematic description of the process useful. -The description glosses over a lot of details; -for more information, see @i[Kerberos: An Authentication -Service for Open Network Systems], -a paper presented at Winter USENIX 1988, in Dallas, Texas. - - at section[Network Services and Their Client Programs] - -In an environment that provides network services, -you use @i[client] programs to request service from - at i[server] programs that are somewhere on the network. -Suppose you have logged in to a workstation -and you want to @i[rlogin] to another machine. -You use the local @i[rlogin] client program to -contact the remote machine's @i[rlogin] service daemon. - - at section[Kerberos Tickets] - -Under Kerberos, the @i[rlogin] service program -allows a client to login to a remote machine if it -can provide -a Kerberos @b[ticket] for the request. -This ticket proves the identity of the person who has used -the client program to access the server program. - - at section[The Kerberos Master Database] - -Kerberos will give you tickets only if you -have an entry in the Kerberos server's - at b[master database]. -Your database entry includes your Kerberos username (often referred to -as your Kerberos @b[principal] name), and your Kerberos password. -Every Kerberos user must have an entry in this database. - - at section[The Ticket-Granting Ticket] - -The @i[kinit] command prompts for your Kerberos username and password, -and if you enter them successfully, you will obtain a Kerberos - at i[ticket-granting ticket]. -As illustrated below, -client programs use this ticket to get other Kerberos tickets as -needed. - - at section[Network Services and the Master Database] - -The master database also contains entries for all network services that -require Kerberos authentication. -Suppose for instance that your site has a machine @i[laughter] -that requires Kerberos authentication from anyone who wants -to @i[rlogin] to it. -This service must be registered in the master database. -Its entry includes the service's principal name, and its @b[instance]. - -The @i[instance] is the name of the service's machine; -in this case, the service's instance is the name @i[laughter]. -The instance provides a means for Kerberos to distinguish between -machines that provide the same service. -Your site is likely to have more than one machine that -provides @i[rlogin] service. - - at section[The User-Kerberos Interaction] - -Suppose that you (in the guise of a general user) walk up to a workstation -intending to login to it, and then @i[rlogin] to the machine @i[laughter]. -Here's what happens. - at begin[enumerate] -You login to the workstation and use the @i[kinit] command -to to get a ticket-granting ticket. -This command prompts you for your username (your Kerberos Principal Name), -and your Kerberos password [on some systems which use the new version of - at i{/bin/login}, this may be done as part of the login process, not -requiring the user to run a separate program]. - at begin[enumerate] -The @i[kinit] command sends your request to the Kerberos master server -machine. -The server software looks for your principal name's entry in the -Kerberos @b[master database]. - -If this entry exists, the -Kerberos server creates and returns a - at i[ticket-granting ticket], encrypted in your password. -If @i[kinit] can decrypt the Kerberos reply using the password you -provide, it stores this ticket in a @b[ticket file] on your -local machine for later use. -The ticket file to be used -can be specified in the @b[KRBTKFILE] environment -variable. If this variable is not set, the name of the file will be - at i[/tmp/tkt at p(uid)], where @p(uid) is the UNIX user-id, represented in decimal. - at end[enumerate] - -Now you use the @i[rlogin] client to try to access the machine @i[laughter]. - at begin[example] -host% @b[rlogin laughter] - at end[example] - at begin[enumerate] -The @i[rlogin] client checks your ticket file to see if you -have a ticket for @i[laughter]'s @i[rcmd] service (the rlogin program -uses the @i[rcmd] service name, mostly for historical reasons). -You don't, so @i[rlogin] uses the ticket file's @i[ticket-granting -ticket] to make a request to the master server's ticket-granting service. - -This ticket-granting service receives the @i[rcmd-laughter] request -and looks in the master database for an @i[rcmd-laughter] entry. -If that entry exists, the ticket-granting service issues you a ticket -for that service. -That ticket is also cached in your ticket file. - -The @i[rlogin] client now uses that ticket to request service from -the @i[laughter] @i[rlogin] service program. -The service program -lets you @i[rlogin] if the ticket is valid. - at end[enumerate] - at end[enumerate] - - at chapter[Setting Up and Testing the Kerberos Server] - -The procedure for setting up and testing a Kerberos server -is as follows: - at begin[enumerate] -Use the @i[kdb_init] command to create and initialize the master database. - -Use the @i[kdb_edit] utility to add your username to the -master database. - -Start the Kerberos server. - -Use the @i[kinit] command to obtain a Kerberos ticket-granting ticket. - -Use the @i[klist] command to verify that the @i[kinit] command -authenticated you successfully. - at end[enumerate] - - at section[Creating and Initializing the Master Database] - -Login to the Kerberos master server machine, -and use the @b[su] command to become root. -If you installed the Kerberos administration tools -with the @i[make install] command and the default pathnames, -they should be in the @i[/usr/etc] directory. -If you installed the tools in a different directory, -hopefully you know what it is. -From now on, we will refer to this directory as [ADMIN_DIR]. - -The @i[kdb_init] command creates and initializes the master database. -It asks you to enter the system's -realm name and the database's master password. -Do not forget this password. -If you do, the database becomes useless. -(Your realm name should be substituted for [REALMNAME] below.) - -Use @i[kdb_init] as follows: - at tabset[3inches, +1.5inches] - at begin[example, rightmargin -10] -host# @b([ADMIN_DIR]/kdb_init) -Realm name (default XXX): @b([REALMNAME])@\@b[<--] @p[Enter your system's realm name.] -You will be prompted for the database Master Password. -It is important that you NOT FORGET this password. - -Enter Kerberos master key: @\@b[<--] @p[Enter the master password.] - at comment(this needs to be re-fixed...: -Verifying, please re-enter -Enter Kerberos master key: @\@b[<--] @p[Re-enter it.] -) - at end[example] - - at section[Storing the Master Password] - -The @i[kstash] command ``stashes'' the master password in the file @i[/.k] -so that the Kerberos server can -be started automatically during an unattended reboot of the -master server. -Other administrative programs use this hidden password so that they -can access the master database without someone having to manually -provide the master password. -This command is an optional one; -if you'd rather enter the master password each time you -start the Kerberos server, don't use @i[kstash]. - -One the one hand, if you use @i[kstash], a copy of the master -key will reside -on disk which may not be acceptable; on the other hand, if you don't -use @i[kstash], the server cannot be started unless someone is around to -type the password in manually. - -The command prompts you twice for the master password: - at begin[example] - at tabset[3inches] -host# @b([ADMIN_DIR]/kstash) - -Enter Kerberos master key:@\@b[<--] @p[Enter the master password.] -Current Kerberos master key version is 1. - -Master key entered BEWARE! - at end[example] - -A note about the Kerberos database master key: -if your master key is compromised and the database is obtained, -the security of your entire authentication system is compromised. -The master key must be a carefully kept secret. If you keep backups, -you must guard all the master keys you use, in case someone has stolen -an old backup and wants to attack users' whose passwords haven't changed -since the backup was stolen. -This is why we provide the option not to store it on disk. - - at section[Using @p(kdb_edit) to Add Users to the Master Database] - -The @i[kdb_edit] program is used to add new users and services -to the master database, and to modify existing database information. -The program prompts you to enter a principal's @b[name] and @b[instance]. - -A principal name is typically a username or a service program's name. -An instance further qualifies the principal. -If the principal is a service, -the instance is used to specify the name of the machine on which that -service runs. -If the principal is a username that has general user privileges, -the instance is usually set to null. - -The following example shows how to use @i[kdb_edit] to -add the user @i[wave] to the Kerberos database. - at begin[example, rightmargin -10] - at tabset[3inches, +1.5inches] -host# @b([ADMIN_DIR]/kdb_edit) - -Opening database... - -Enter Kerberos master key: -Verifying, please re-enter -Enter Kerberos master key: -Current Kerberos master key version is 1 - -Master key entered. BEWARE! -Previous or default values are in [brackets] , -enter return to leave the same, or new value. - -Principal name: @b[wave]@\@b[<--] @p[Enter the username.] -Instance:@\@p[<-- Enter a null instance.] - -, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.] -@\@p[ Enter y to create the user-instance.] -Principal: wave Instance: m_key_v: 1 -New Password: @\@p[<-- Enter the user-instance's password.] -Verifying, please re-enter -New Password: -Principal's new key version = 1 -Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines] -Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the] -Attributes [ 0 ] ? @\@\@b[<--] @p[default values.] -Edit O.K. - -Principal name:@\@p[<-- Enter a newline to exit the program.] - at end[example] - -Use the @i[kdb_edit] utility to add your username to the master database. - - at section[Starting the Kerberos Server] - -Change directories to the directory in which you have installed -the server program @i[kerberos] -(the default directory is @i[/usr/etc]), -and start the program as a background process: - at begin[example] -host# @b[./kerberos &] - at end[example] -If you have used the @i[kstash] command to store the master database password, -the server will start automatically. -If you did not use @i[kstash], -use the following command: - at begin[example] -host# @b[./kerberos -m] - at end[example] -The server will prompt you to enter the master password before actually -starting itself. - - at section[Testing the Kerberos Server] - -Exit the root account and use the @i[kinit] command obtain a Kerberos -ticket-granting ticket. -This command -creates your ticket file -and stores the ticket-granting ticket in it. - -If you used the default @i[make install] command and directories to -install the Kerberos user utilities, @i[kinit] will be in the - at i[/usr/athena] directory. From now on, we'll refer to the Kerberos user -commands directory as [K_USER]. - -Use @i[kinit] as follows: - at begin[example] - at tabset[3 inches] -host% @b([K_USER]/kinit) -MIT Project Athena, (ariadne) -Kerberos Initialization -Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.] -Password: @\@b[<--] @p[Enter your Kerberos password.] - at end[example] - -Use the @i[klist] program to list the contents of your ticket file. - at begin[example] -host% @b([K_USER]/klist) - at end[example] -The command should display something like the following: - at begin[example] -Ticket file: /tmp/tkt5555 -Principal: yourusername@@REALMNAME - - Issued Expires Principal -May 6 10:15:23 May 6 18:15:23 krbtgt.REALMNAME@@REALMNAME - at end[example] - -If you have any problems, you can examine the log file - at i[/kerberos/kerberos.log] on the Kerberos server machine to see if -there was some sort of error. - - at chapter[Setting up and testing the Administration server] - -The procedure for setting up and testing the Kerberos administration server -is as follows: - at begin[enumerate] -Use the @i[kdb_edit] utility to add your username with an administration -instance to the master database. - -Edit the access control lists for the administration server - -Start the Kerberos administration server. - -Use the @i[kpasswd] command to change your password. - -Use the @i[kadmin] command to add new entries to the database. - -Use the @i[kinit] command to verify that the @i[kadmin] command -correctly added new entries to the database. - at end(enumerate) - - at section[Adding an administration instance for the administrator] - -Login to the Kerberos master server machine, -and use the @b[su] command to become root. -Use the @i[kdb_edit] program to create an entry for each administrator -with the instance ``@p(admin)''. - at begin[example] - at tabset[3inches, +1.5inches] -host# @b([ADMIN_DIR]/kdb_edit) - -Opening database... - -Enter Kerberos master key: -Verifying, please re-enter -Enter Kerberos master key: -Current Kerberos master key version is 1 - -Master key entered. BEWARE! -Previous or default values are in [brackets] , -enter return to leave the same, or new value. - -Principal name: @b[wave]@\@b[<--] @p[Enter the username.] -Instance:@b[admin]@\@b[<--] @p[Enter ``admin''.] - -, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.] -@\@p[ Enter y to create the user-instance.] -Principal: wave Instance: admin m_key_v: 1 -New Password: @\@p[<-- Enter the user-instance's password.] -Verifying, please re-enter -New Password: -Principal's new key version = 1 -Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines] -Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the] -Attributes [ 0 ] ? @\@\@b[<--] @p[default values.] -Edit O.K. - -Principal name:@\@p[<-- Enter a newline to exit the program.] - at end[example] - - at section[The Access Control Lists] -The Kerberos administration server uses three access control lists to -determine who is authorized to make certain requests. The access -control lists are stored on the master Kerberos server in the same -directory as the principal database, @i(/kerberos). The access control -lists are simple ASCII text files, with each line specifying the name of -one principal who is allowed the particular function. To allow several -people to perform the same function, put their principal names on -separate lines in the same file. - -The first list, @i(/kerberos/admin_acl.mod), is a list of principals -which are authorized to change entries in the database. To allow the -administrator `@b[wave]' to modify entries in the database for the realm -`@b[TIM.EDU]', you would put the following line into the file - at i(/kerberos/admin_acl.mod): - at begin(example) -wave.admin@@TIM.EDU - at end(example) - -The second list, @i(/kerberos/admin_acl.get), is a list of principals -which are authorized to retrieve entries from the database. - -The third list, @i(/kerberos/admin_acl.add), is a list of principals -which are authorized to add new entries to the database. - - at section(Starting the administration server) -Change directories to the directory in which you have installed -the administration server program @i[kadmind] -(the default directory is @i[/usr/etc]), -and start the program as a background process: - at begin[example] -host# @b[./kadmind -n&] - at end[example] -If you have used the @i[kstash] command to store the master database password, -the server will start automatically. -If you did not use @i[kstash], -use the following command: - at begin[example] -host# @b[./kadmind] - at end[example] -The server will prompt you to enter the master password before actually -starting itself; after it starts, you should suspend it and put it in -the background (usually this is done by typing control-Z and then @b(bg)). - - at section(Testing @p[kpasswd]) - -To test the administration server, you should try changing your password -with the @i[kpasswd] command, and you should try adding new users with -the @i[kadmin] command (both commands are installed into @i[/usr/athena] -by default). - -Before testing, you should exit the root account. - -To change your password, run the @i[kpasswd] command: - at begin(example) - at tabset[3inches, +1.5inches] -host% @b([K_USER]/kpasswd) -Old password for wave@@TIM.EDU:@\@b[<--]@p[Enter your password] -New Password for wave@@TIM.EDU:@\@b[<--]@p[Enter a new password] -Verifying, please re-enter New Password for wave@@TIM.EDU: -@\@b[<--]@p[Enter new password again] -Password changed. - at end(example) -Once you have changed your password, use the @i[kinit] program as shown -above to verify that the password was properly changed. - - at section(Testing @p[kadmin]) -You should also test the function of the @i[kadmin] program, by adding a -new user (here named ``@t[username]''): - at begin(example) - at tabset[3inches, +1.5inches] -host% @b([K_USER]/kadmin) -Welcome to the Kerberos Administration Program, version 2 -Type "help" if you need it. -admin: @b(ank username)@\@p[`ank' stands for Add New Key] -Admin password: @\@b[<--]@p[enter the password -@\you chose above for wave.admin] -Password for username:@\@b[<--]@p[Enter the user's initial password] -Verifying, please re-enter Password for username:@\@b[<--]@p[enter it again] -username added to database. - -admin: quit -Cleaning up and exiting. - at end[example] - - at section(Verifying with @p[kinit]) -Once you've added a new user, you should test to make sure it was added -properly by using @i[kinit], and trying to get tickets for that user: - - at begin[example] - at tabset[3inches, +1.5inches] -host% @b([K_USER]/kinit username) -MIT Project Athena (ariadne) -Kerberos Initialization for "username@@TIM.EDU" -Password: @b[<--]@p[Enter the user's password you used above] -host% @b([K_USER]/klist) -Ticket file: /tmp/tkt_5509_spare1 -Principal: username@@TIM.MIT.EDU - - Issued Expires Principal -Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU@@TIM.EDU - at end[example] - -If you have any problems, you can examine the log files - at i[/kerberos/kerberos.log] and @i[/kerberos/admin_server.syslog] on the -Kerberos server machine to see if there was some sort of error. - - at chapter[Setting up and testing slave server(s)] - -[Unfortunately, this chapter is not yet ready. Sorry. -ed] - - at chapter[A Sample Application] - -This release of Kerberos comes with a sample application -server and a corresponding client program. -You will find this software in the [OBJ_DIR]@i[/appl/sample] directory. -The file @i[sample_client] contains the client program's executable -code, the file @i[sample_server] contains the server's executable. - -The programs are rudimentary. -When they have been installed (the installation procedure is described -in detail later), they work as follows: - at begin[itemize] -The user starts @i[sample_client] and provides as arguments -to the command the name of the server machine and a checksum. -For instance: - at begin[example] -host% @b[sample_client] @p[servername] @p[43] - at end[example] - - at i[Sample_client] contacts the server machine and -authenticates the user to @i[sample_server]. - - at i[Sample_server] authenticates itself to @i[sample_client], -then returns a message to the client program. -This message contains diagnostic information -that includes the user's username, the Kerberos realm, -and the user's workstation address. - - at i[Sample_client] displays the server's message on the user's -terminal screen. - at end[itemize] - - at section[The Installation Process] - -In general, -you use the following procedure to install a Kerberos-authenticated -server-client system. - at begin[enumerate] -Add the appropriate entry to the Kerberos database using @i[kdb_edit] or - at i[kadmin] (described below). - -Create a @i[/etc/srvtab] file for the server machine. - -Install the service program and the @i[/etc/srvtab] -file on the server machine. - -Install the client program on the client machine. - -Update the @i[/etc/services] file on the client and server machines. - at end[enumerate] - -We will use the sample application as an example, although -the procedure used to install @i[sample_server] differs slightly -from the general case because the @i[sample_server] -takes requests via the - at i[inetd] program. - at i[Inetd] starts @i[sample_server] each time -a client process contacts the server machine. - at i[Sample_server] processes the request, -terminiates, then is restarted when @i[inetd] receives another - at i[sample_client] request. -When you install the program on the server, -you must add a @i[sample] entry to the server machine's - at i[/etc/inetd.conf] file. - -The following description assumes that you are installing - at i[sample_server] on the machine @i[ariadne.tim.edu]. -Here's the process, step by step: - at begin[enumerate] -Login as or @i[su] to root on the Kerberos server machine. -Use the @i[kdb_edit] or @i[kadmin] program to create an entry for - at i[sample] in the Kerberos database: - at begin[example, rightmargin -10] - at tabset[2.0inches, +.5inches] -host# @b([ADMIN_DIR]/kdb_edit) - -Opening database... - -Enter Kerberos master key: -Verifying, please re-enter -master key entered. BEWARE! -Previous or default values are in [brackets] , -enter return to leave the same, or new value. - -Principal name: @b[sample]@\@b[<--] @p[Enter the principal name.] -Instance: @b[ariadne]@\@b[<--] @p[Instances cannot have periods in them.] - -, Create [y] ? @b[y] - -Principal: sample_server Instance: ariadne m_key_v: 1 -New Password:@\@b[<--] @p[Enter ``RANDOM'' to get random password.] -Verifying, please re-enter -New Password:@\@b[<--] @p[Enter ``RANDOM'' again.] -Random password [y] ? @b[y] - -Principal's new key version = 1 -Expiration date (enter dd-mm-yy) [ 12/31/99 ] ? -Max ticket lifetime (*5 minutes) [ 255 ] ? -Attributes [ 0 ] ? -Edit O.K. - -Principal name:@\@b[<--] @p[Enter newline to exit kdb_edit.] - at end[example] - -Use the @i[ext_srvtab] program to create a @i[srvtab] file -for @i[sample_server]'s host machine: - at begin[example] -host# @b([ADMIN_DIR]/ext_srvtab ariadne) - -Enter Kerberos master key: -Current Kerberos master key version is 1. - -Generating 'ariadne-new-srvtab'.... - at end[example] -Transfer the @i[ariadne-new-srvtab] file to @i[ariadne] and install it as - at i[/etc/srvtab]. -Note that this file is equivalent to the service's password and should -be treated with care. -For example, it could be transferred by removable media, but should -not be sent over an open network in the clear. -Once installed, this file should be readable only by root. - -Add the following line to the @i[/etc/services] file on - at i[ariadne], and on all machines that -will run the @i[sample_client] program: - at begin[example] -sample 906/tcp # Kerberos sample app server - at end[example] - -Add a line similar to the following line to the @i[/etc/inetd.conf] -file on @i[sample_server]'s machine: - at begin[example] -sample stream tcp nowait switched root - [PATH]/sample_server sample_server - at end[example] -where [PATH] should be substituted with -the path to the @i[sample_server] program. -(This @i[inetd.conf] information should be placed on one line.) -You should examine existing lines in @i[/etc/inetd.conf] and use the -same format used by other entries (e.g. for telnet). Most systems do -not have a column for the `switched' keyword, and some do not have a -column for the username (usually `root', as above). - -Restart @i[inetd] by sending the current @i[inetd] process -a hangup signal: - at begin[example] -host# @b[kill -HUP @p(process_id_number)] - at end[example] - -The @i[sample_server] is now ready to take @i[sample_client] requests. - at end[enumerate] - - at section[Testing the Sample Server] - -Assume that you have installed @i[sample_server] on @i[ariadne]. - -Login to your workstation and use the @i[kinit] command to -obtain a Kerberos ticket-granting ticket: - at begin[example] - at tabset[3 inches] -host% @b([K_USER]/kinit) -MIT Project Athena, (your_workstation) -Kerberos Initialization -Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.] -Password: @\@b[<--] @p[Enter your Kerberos password.] - at end[example] - -Now use the @i[sample_client] program as follows: - at begin[example] -host% @b([PATH]/sample_client ariadne) - at end[example] -The command should display something like the following: - at begin[example] -The server says: -You are @p[yourusername].@@REALMNAME (local name @p[yourusername]), - at address @p[yournetaddress], version VERSION9, cksum 997 - at end[example] - - at chapter[Service names and other services] - - at section(rlogin, rsh, rcp, tftp, and others) - -Many services use a common principal name for authentication purposes. - at i[rlogin], @i[rsh], @i[rcp], @i[tftp] and others use the principal name -``@t[rcmd]''. For example, to set up the machine @i[ariadne] to support -Kerberos rlogin, it needs to have a service key for principal -``@t[rcmd]'', instance ``@t[ariadne]''. You create this key in the same -way as shown above for the sample service. - -After creating this key, you need to run the @i[ext_srvtab] program -again to generate a new srvtab file for ariadne. - - at section(NFS modifications) - -The NFS modifications distributed separately use the service name -``@t[rvdsrv]'' with the instance set to the machine name (as for the -sample server and the rlogin, rsh, rcp and tftp services). - - at section(inetd.conf entries) -The following are the @i(/etc/inetd.conf) entries necessary to support -rlogin, encrypted rlogin, rsh, and rcp services on a server machine. As -above, your @i(inetd.conf) may not support all the fields shown here. - at begin[example] -eklogin stream tcp nowait unswitched root - [PATH]/klogind eklogind -kshell stream tcp nowait unswitched root - [PATH]/kshd kshd -klogin stream tcp nowait unswitched root - [PATH]/klogind klogind - at end[example] Modified: branches/mskrb-integ/src/Makefile.in =================================================================== --- branches/mskrb-integ/src/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -9,7 +9,7 @@ # plugins/preauth/wpse # plugins/preauth/cksum_body # plugins/authdata/greet -SUBDIRS=util include lib @krb524@ kdc kadmin @ldap_plugin_dir@ slave clients \ +SUBDIRS=util include lib kdc kadmin @ldap_plugin_dir@ slave clients \ plugins/kdb/db2 \ plugins/preauth/pkinit \ appl tests \ @@ -195,7 +195,6 @@ clients\kpasswd\Makefile clients\kvno\Makefile \ clients\kcpytkt\Makefile clients\kdeltkt\Makefile \ include\Makefile \ - krb524\Makefile \ lib\Makefile lib\crypto\Makefile \ lib\crypto\crc32\Makefile lib\crypto\des\Makefile \ lib\crypto\dk\Makefile lib\crypto\enc_provider\Makefile \ @@ -205,10 +204,10 @@ lib\crypto\sha1\Makefile lib\crypto\arcfour\Makefile \ lib\crypto\md4\Makefile lib\crypto\md5\Makefile \ lib\crypto\yarrow\Makefile lib\crypto\aes\Makefile \ - lib\des425\Makefile \ lib\gssapi\Makefile lib\gssapi\generic\Makefile \ lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \ - lib\krb4\Makefile lib\krb5\Makefile \ + lib\gssapi\spnego\Makefile \ + lib\krb5\Makefile \ lib\krb5\asn.1\Makefile lib\krb5\ccache\Makefile \ lib\krb5\ccache\ccapi\Makefile \ lib\krb5\error_tables\Makefile \ @@ -259,8 +258,6 @@ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##include\Makefile: include\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##krb524\Makefile: krb524\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\Makefile: lib\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\Makefile: lib\crypto\Makefile.in $(MKFDEP) @@ -293,8 +290,6 @@ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\raw\Makefile: lib\crypto\raw\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##lib\des425\Makefile: lib\des425\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\Makefile: lib\gssapi\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\generic\Makefile: lib\gssapi\generic\Makefile.in $(MKFDEP) @@ -303,8 +298,6 @@ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##lib\krb4\Makefile: lib\krb4\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\asn.1\Makefile: lib\krb5\asn.1\Makefile.in $(MKFDEP) @@ -392,14 +385,14 @@ clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \ clients/kpasswd/* clients/kcpytkt/* clients/kdeltkt/* \ config/* include/* include/kerberosIV/* \ - include/krb5/* include/krb5/stock/* include/sys/* krb524/* lib/* \ + include/krb5/* include/krb5/stock/* include/sys/* lib/* \ lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \ lib/crypto/enc_provider/* lib/crypto/hash_provider/* \ lib/crypto/keyhash_provider/* lib/crypto/old/* lib/crypto/raw/* \ lib/crypto/sha1/* lib/crypto/arcfour/* lib/crypto/md4/* \ lib/crypto/md5/* lib/crypto/yarrow/* \ - lib/des425/* lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \ - lib/gssapi/mechglue/* lib/gssapi/spnego/* lib/krb4/* \ + lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \ + lib/gssapi/mechglue/* lib/gssapi/spnego/* \ lib/krb5/* lib/krb5/asn.1/* lib/krb5/krb/* \ lib/krb5/ccache/* lib/krb5/ccache/ccapi/* \ lib/krb5/error_tables/* \ @@ -439,12 +432,9 @@ $(INC)krb5_err.h $(ET)krb5_err.c \ $(INC)kv5m_err.h $(ET)kv5m_err.c \ $(INC)krb524_err.h $(ET)krb524_err.c \ - $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \ - $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \ $(PR)prof_err.h $(PR)prof_err.c \ $(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \ - $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \ - lib/krb4/krb_err_txt.c + $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c HOUT = $(INC)krb5\krb5.h $(GG)gssapi.h $(PR)profile.h @@ -499,10 +489,6 @@ $(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et $(INC)krb524_err.h: $(AH) $(ET)krb524_err.et $(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et -$(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et - $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et -$(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et - $(AWK) -f $(AH) outfile=$@ lib/krb4/krb_err.et $(PR)prof_err.h: $(AH) $(PR)prof_err.et $(AWK) -f $(AH) outfile=$@ $(PR)prof_err.et $(GG)gssapi_err_generic.h: $(AH) $(GG)gssapi_err_generic.et @@ -524,10 +510,6 @@ $(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et $(ET)krb524_err.c: $(AC) $(ET)krb524_err.et $(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et -lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et - $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et -lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et - $(AWK) -f $(AC) outfile=$@ lib/krb4/krb_err.et $(PR)prof_err.c: $(AC) $(PR)prof_err.et $(AWK) -f $(AC) outfile=$@ $(PR)prof_err.et $(GG)gssapi_err_generic.c: $(AC) $(GG)gssapi_err_generic.et @@ -539,10 +521,6 @@ $(CE)test2.c: $(AC) $(CE)test2.et $(AWK) -f $(AC) outfile=$@ $(CE)test2.et -lib/krb4/krb_err_txt.c: lib/krb4/krb_err.et - $(AWK) -f lib/krb4/et_errtxt.awk outfile=$@ \ - lib/krb4/krb_err.et - KRBHDEP = $(INC)krb5\krb5.hin $(INC)krb5_err.h $(INC)kdb5_err.h \ $(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h @@ -613,8 +591,6 @@ $(CP) clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\." - @if exist "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" del "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" - @if exist "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" del "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" install-unix:: $(INSTALL_SCRIPT) krb5-config \ Modified: branches/mskrb-integ/src/aclocal.m4 =================================================================== --- branches/mskrb-integ/src/aclocal.m4 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/aclocal.m4 2009-01-03 03:00:25 UTC (rev 21678) @@ -74,7 +74,6 @@ if test -z "$LD" ; then LD=$CC; fi AC_ARG_VAR(LD,[linker command [CC]]) AC_SUBST(LDFLAGS) dnl -WITH_KRB4 dnl KRB5_AC_CHOOSE_ET dnl KRB5_AC_CHOOSE_SS dnl KRB5_AC_CHOOSE_DB dnl @@ -502,61 +501,6 @@ AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl done ]) -dnl -dnl set $(KRB4) from --with-krb4=value -- WITH_KRB4 -dnl -AC_DEFUN(WITH_KRB4,[ -AC_ARG_WITH([krb4], -[ --without-krb4 omit Kerberos V4 backwards compatibility (default) - --with-krb4 use V4 libraries included with V5 - --with-krb4=KRB4DIR use preinstalled V4 libraries], -, -withval=no -)dnl -if test $withval = no; then - AC_MSG_NOTICE(no krb4 support) - KRB4_LIB= - KRB4_DEPLIB= - KRB4_INCLUDES= - KRB4_LIBPATH= - KRB_ERR_H_DEP= - krb5_cv_build_krb4_libs=no - krb5_cv_krb4_libdir= -else - AC_DEFINE([KRB5_KRB4_COMPAT], 1, [Define this if building with krb4 compat]) - if test $withval = yes; then - AC_MSG_NOTICE(enabling built in krb4 support) - KRB4_DEPLIB='$(TOPLIBD)/libkrb4$(DEPLIBEXT)' - KRB4_LIB=-lkrb4 - KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV' - KRB4_LIBPATH= - KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h' - krb5_cv_build_krb4_libs=yes - krb5_cv_krb4_libdir= - else - AC_MSG_NOTICE(using preinstalled krb4 in $withval) - KRB4_LIB="-lkrb" -dnl DEPKRB4_LIB="$withval/lib/libkrb.a" - KRB4_INCLUDES="-I$withval/include" - KRB4_LIBPATH="-L$withval/lib" - KRB_ERR_H_DEP= - krb5_cv_build_krb4_libs=no - krb5_cv_krb4_libdir="$withval/lib" - fi -fi -AC_SUBST(KRB4_INCLUDES) -AC_SUBST(KRB4_LIBPATH) -AC_SUBST(KRB4_LIB) -AC_SUBST(KRB4_DEPLIB) -AC_SUBST(KRB_ERR_H_DEP) -dnl We always compile the des425 library -DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)' -DES425_LIB=-ldes425 -AC_SUBST(DES425_DEPLIB) -AC_SUBST(DES425_LIB) -])dnl -dnl -dnl AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[ AC_BEFORE([$0],[AC_PROG_CC]) AC_BEFORE([$0],[AC_PROG_CXX]) Modified: branches/mskrb-integ/src/appl/simple/client/sim_client.c =================================================================== --- branches/mskrb-integ/src/appl/simple/client/sim_client.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/appl/simple/client/sim_client.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -330,7 +330,7 @@ com_err(progname, retval, "while deleting replay cache"); exit(1); } - + krb5_auth_con_setrcache(context, auth_context, NULL); krb5_auth_con_free(context, auth_context); krb5_free_context(context); Modified: branches/mskrb-integ/src/config/pre.in =================================================================== --- branches/mskrb-integ/src/config/pre.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/config/pre.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -325,8 +325,6 @@ KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT) GSSRPC_DEPLIB = $(TOPLIBD)/libgssrpc$(DEPLIBEXT) GSS_DEPLIB = $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT) -KRB4_DEPLIB = @KRB4_DEPLIB@ # $(TOPLIBD)/libkrb4$(DEPLIBEXT) -DES425_DEPLIB = @DES425_DEPLIB@ # $(TOPLIBD)/libdes425$(DEPLIBEXT) KRB5_DEPLIB = $(TOPLIBD)/libkrb5$(DEPLIBEXT) CRYPTO_DEPLIB = $(TOPLIBD)/libk5crypto$(DEPLIBEXT) COM_ERR_DEPLIB = $(COM_ERR_DEPLIB- at COM_ERR_VERSION@) @@ -344,7 +342,6 @@ APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) -KRB4COMPAT_DEPLIBS = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS) KDB5_DEPLIBS = $(KDB5_DEPLIB) GSS_DEPLIBS = $(GSS_DEPLIB) GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS) @@ -365,11 +362,6 @@ SS_DEPS-sys = SS_DEPS-k5 = $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h -# Header file dependencies that might depend on whether krb4 support -# is compiled. - -KRB_ERR_H_DEP = @KRB_ERR_H_DEP@ - # LIBS gets substituted in... e.g. -lnsl -lsocket # GEN_LIB is -lgen if needed for regexp @@ -388,19 +380,10 @@ GSS_KRB5_LIB = -lgssapi_krb5 SUPPORT_LIB = -l$(SUPPORT_LIBNAME) -# KRB4_LIB is -lkrb4 if building --with-krb4 -# needs fixing if ever used on Mac OS X! -KRB4_LIB = @KRB4_LIB@ - -# DES425_LIB is -ldes425 if building --with-krb4 -# needs fixing if ever used on Mac OS X! -DES425_LIB = @DES425_LIB@ - # HESIOD_LIBS is -lhesiod... HESIOD_LIBS = @HESIOD_LIBS@ KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) -KRB4COMPAT_LIBS = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS) KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on Mac OS X! @@ -421,11 +404,6 @@ APPUTILS_LIB = -lapputils # -# some more stuff for --with-krb4 -KRB4_LIBPATH = @KRB4_LIBPATH@ -KRB4_INCLUDES = @KRB4_INCLUDES@ - -# # variables for --with-tcl= TCL_LIBS = @TCL_LIBS@ TCL_LIBPATH = @TCL_LIBPATH@ Modified: branches/mskrb-integ/src/config-files/krb5.conf.M =================================================================== --- branches/mskrb-integ/src/config-files/krb5.conf.M 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/config-files/krb5.conf.M 2009-01-03 03:00:25 UTC (rev 21678) @@ -201,6 +201,16 @@ General flag controlling the use of DNS for Kerberos information. If both of the preceding options are specified, this option has no effect. +.IP realm_try_domains +Indicate whether a host's domain components should be used to +determine the Kerberos realm of the host. The value of this variable +is an integer: -1 means not to search, 0 means to try the host's +domain itself, 1 means to also try the domain's immediate parent, and +so forth. The library's usual mechanism for locating Kerberos realms +is used to determine whether a domain is a valid realm--which may +involve consulting DNS if dns_lookup_kdc is set. The default is not +to search domain components. + .IP extra_addresses This allows a computer to use multiple local addresses, in order to allow Kerberos to work in a network that uses NATs. The addresses should Modified: branches/mskrb-integ/src/configure.in =================================================================== --- branches/mskrb-integ/src/configure.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/configure.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -55,20 +55,6 @@ AC_ARG_ENABLE([athena], [ --enable-athena build with MIT Project Athena configuration],,) dnl -if test -z "$KRB4_LIB"; then -kadminv4="" -krb524="" -libkrb4="" -KRB4="" -else -kadminv4=kadmin.v4 -krb524=krb524 -libkrb4=lib/krb4 -KRB4=krb4 -fi -AC_SUBST(KRB4) -AC_SUBST(krb524) -dnl dnl Begin autoconf tests for the Makefiles generated out of the top-level dnl configure.in... dnl @@ -168,7 +154,6 @@ AC_SUBST(FAKEKA) KRB5_RUN_FLAGS dnl -dnl for krb524 AC_TYPE_SIGNAL dnl dnl from old include/configure.in @@ -586,15 +571,6 @@ [ --enable-athena build with MIT Project Athena configuration], AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),) -if test "$KRB4_LIB" = ''; then - AC_MSG_NOTICE(No Kerberos 4 compatibility) - maybe_kerberosIV= -else - AC_MSG_NOTICE(Kerberos 4 compatibility enabled) - maybe_kerberosIV=kerberosIV - AC_DEFINE(KRB5_KRB4_COMPAT,1,[Define if Kerberos V4 backwards compatibility should be supported]) -fi -AC_SUBST(maybe_kerberosIV) dnl AC_C_INLINE AH_TOP([ @@ -700,11 +676,6 @@ fi AC_SUBST(DO_TEST) dnl -DO_V4_TEST= -if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then - DO_V4_TEST=ok -fi -AC_SUBST(DO_V4_TEST) dnl The following are substituted into kadmin/testing/scripts/env-setup.sh RBUILD=`pwd` AC_SUBST(RBUILD) @@ -726,25 +697,6 @@ AC_CHECK_PROG(RUNTEST,runtest,runtest) AC_CHECK_PROG(PERL,perl,perl) dnl -dnl -dnl for lib/krb4 -case $krb5_cv_host in - *-apple-darwin*) - KRB_ERR_TXT= - KRB_ERR= - KRB_ERR_C=krb_err.c - ;; - *) - KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)' - KRB_ERR_TXT=krb_err_txt.c - KRB_ERR_C= - ;; -esac -AC_SUBST([KRB_ERR_TXT]) -AC_SUBST([KRB_ERR]) -AC_SUBST([KRB_ERR_C]) -dnl -dnl dnl lib/gssapi AC_CHECK_HEADER(stdint.h,[ include_stdint='awk '\''END{printf("%cinclude \n", 35);}'\'' < /dev/null'], @@ -970,13 +922,6 @@ HAVE_RUNTEST=no fi AC_SUBST(HAVE_RUNTEST) -if test "$KRB4_LIB" = ''; then - KRB4_DEJAGNU_TEST="KRBIV=0" -else - AC_MSG_RESULT(Kerberos 4 testing enabled) - KRB4_DEJAGNU_TEST="KRBIV=1" -fi -AC_SUBST(KRB4_DEJAGNU_TEST) dnl for plugins/kdb/db2 dnl @@ -1052,9 +997,6 @@ if test "$SS_VERSION" = k5 ; then K5_GEN_MAKEFILE(util/ss) fi -if test -n "$KRB4_LIB"; then - K5_GEN_MAKEFILE(lib/krb4) -fi dnl dnl ldap_plugin_dir="" @@ -1109,7 +1051,7 @@ util util/support util/profile util/send-pr - lib lib/des425 lib/kdb + lib lib/kdb lib/crypto lib/crypto/crc32 lib/crypto/des lib/crypto/dk lib/crypto/enc_provider lib/crypto/hash_provider @@ -1130,8 +1072,7 @@ lib/apputils - kdc slave krb524 config-files gen-manpages include - include/kerberosIV + kdc slave config-files gen-manpages include plugins/locate/python plugins/kdb/db2 Modified: branches/mskrb-integ/src/include/Makefile.in =================================================================== --- branches/mskrb-integ/src/include/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,7 +1,6 @@ thisconfigdir=.. myfulldir=include mydir=include -SUBDIRS=@maybe_kerberosIV@ BUILDTOP=$(REL).. KRB5RCTMPDIR= @KRB5_RCTMPDIR@ ##DOSBUILDTOP = .. Deleted: branches/mskrb-integ/src/include/kerberosIV/Makefile.in =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,23 +0,0 @@ -thisconfigdir=./../.. -myfulldir=include/kerberosIV -mydir=include/kerberosIV -BUILDTOP=$(REL)..$(S).. -KRB4_HEADERS=krb.h des.h mit-copyright.h - -all-unix:: krb_err.h kadm_err.h - -krb_err.h: $(SRCTOP)/lib/krb4/krb_err.et -kadm_err.h: $(SRCTOP)/lib/krb4/kadm_err.et -krb_err.h kadm_err.h: rebuild-k4-error-tables; : $@ -rebuild-k4-error-tables: - (cd $(BUILDTOP)/lib/krb4 && $(MAKE) includes) - -clean-unix:: - $(RM) krb_err.h kadm_err.h - -install-headers-unix install:: krb_err.h kadm_err.h - @set -x; for f in $(KRB4_HEADERS) ; \ - do $(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(KRB5_INCDIR)/kerberosIV/$$f ; \ - done - $(INSTALL_DATA) krb_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)krb_err.h - $(INSTALL_DATA) kadm_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)kadm_err.h Deleted: branches/mskrb-integ/src/include/kerberosIV/addr_comp.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/addr_comp.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/addr_comp.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,52 +0,0 @@ -/* - * include/kerberosIV/addr_comp.h - * - * Copyright 1987-1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for address comparison macros. - */ - -#ifndef ADDR_COMP_DEFS -#define ADDR_COMP_DEFS - -/* -** Look boys and girls, a big kludge -** We need to compare the two internet addresses in network byte order, not -** local byte order. This is a *really really slow way of doing that* -** But..... -** .....it works -** so we run with it -** -** long_less_than gets fed two (u_char *)'s.... -*/ - -#define u_char_comp(x,y) \ - (((x)>(y))?(1):(((x)==(y))?(0):(-1))) - -#define long_less_than(x,y) \ - (u_char_comp((x)[0],(y)[0])?u_char_comp((x)[0],(y)[0]): \ - (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \ - (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \ - (u_char_comp((x)[3],(y)[3]))))) - -#endif /* ADDR_COMP_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/admin_server.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/admin_server.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/admin_server.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,58 +0,0 @@ -/* - * include/kerberosIV/admin_server.h - * - * Copyright 1987-1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#ifndef ADMIN_SERVER_DEFS -#define ADMIN_SERVER_DEFS - -#define PW_SRV_VERSION 2 /* version number */ - -#define INSTALL_NEW_PW (1<<0) /* - * ver, cmd, name, password, - * old_pass, crypt_pass, uid - */ - -#define ADMIN_NEW_PW (2<<1) /* - * ver, cmd, name, passwd, - * old_pass - * (grot), crypt_pass (grot) - */ - -#define ADMIN_SET_KDC_PASSWORD (3<<1) /* ditto */ -#define ADMIN_ADD_NEW_KEY (4<<1) /* ditto */ -#define ADMIN_ADD_NEW_KEY_ATTR (5<<1) /* - * ver, cmd, name, passwd, - * inst, attr (grot) - */ -#define INSTALL_REPLY (1<<1) /* ver, cmd, name, password */ -#define RETRY_LIMIT 1 -#define TIME_OUT 30 -#define USER_TIMEOUT 90 -#define MAX_KPW_LEN 40 - -#define KADM "changepw" /* service name */ - -#endif /* ADMIN_SERVER_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/des.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/des.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/des.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,237 +0,0 @@ -/* - * include/kerberosIV/des.h - * - * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Data Encryption Standard library. - */ - -#if defined(__MACH__) && defined(__APPLE__) -#include -#include -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) -#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to DES types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. */ -#ifndef KRB5INT_DES_DEPRECATED -#define KRB5INT_DES_DEPRECATED -#endif - -#ifdef __cplusplus -#ifndef KRBINT_BEGIN_DECLS -#define KRBINT_BEGIN_DECLS extern "C" { -#define KRBINT_END_DECLS } -#endif -#else -#define KRBINT_BEGIN_DECLS -#define KRBINT_END_DECLS -#endif - -#ifndef KRB5INT_DES_TYPES_DEFINED -#define KRB5INT_DES_TYPES_DEFINED - -#include - -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -#if UINT_MAX >= 0xFFFFFFFFUL -#define DES_INT32 int -#define DES_UINT32 unsigned int -#else -#define DES_INT32 long -#define DES_UINT32 unsigned long -#endif - -typedef unsigned char des_cblock[8] /* crypto-block size */ -KRB5INT_DES_DEPRECATED; - -/* - * Key schedule. - * - * This used to be - * - * typedef struct des_ks_struct { - * union { DES_INT32 pad; des_cblock _;} __; - * } des_key_schedule[16]; - * - * but it would cause trouble if DES_INT32 were ever more than 4 - * bytes. The reason is that all the encryption functions cast it to - * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If - * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the - * caller-allocated des_key_schedule will be overflowed by the key - * scheduling functions. We can't assume that every platform will - * have an exact 32-bit int, and nothing should be looking inside a - * des_key_schedule anyway. - */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] -KRB5INT_DES_DEPRECATED; - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB5INT_DES_TYPES_DEFINED */ - -/* only do the whole thing once */ -#ifndef DES_DEFS -/* - * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily - * to avoid including the defintions and declarations below. The - * reason that the crypto library needs to include this file is that - * it needs to have its types aligned with krb4's types. - */ -#ifndef KRB5INT_CRYPTO_DES_INT -#define DES_DEFS - -#if defined(_WIN32) -#ifndef KRB4 -#define KRB4 1 -#endif -#include -#endif -#include /* need FILE for des_cblock_print_file */ - -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -/* Windows declarations */ -#ifndef KRB5_CALLCONV -#define KRB5_CALLCONV -#define KRB5_CALLCONV_C -#endif - -#define DES_KEY_SZ (sizeof(des_cblock)) -#define DES_ENCRYPT 1 -#define DES_DECRYPT 0 - -#ifndef NCOMPAT -#define C_Block des_cblock -#define Key_schedule des_key_schedule -#define ENCRYPT DES_ENCRYPT -#define DECRYPT DES_DECRYPT -#define KEY_SZ DES_KEY_SZ -#define string_to_key des_string_to_key -#define read_pw_string des_read_pw_string -#define random_key des_random_key -#define pcbc_encrypt des_pcbc_encrypt -#define key_sched des_key_sched -#define cbc_encrypt des_cbc_encrypt -#define cbc_cksum des_cbc_cksum -#define C_Block_print des_cblock_print -#define quad_cksum des_quad_cksum -typedef struct des_ks_struct bit_64; -#endif - -#define des_cblock_print(x) des_cblock_print_file(x, stdout) - -/* - * Function Prototypes - */ - -int KRB5_CALLCONV des_key_sched (C_Block, Key_schedule) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV -des_pcbc_encrypt (C_Block *in, C_Block *out, long length, - const des_key_schedule schedule, C_Block *ivec, - int enc) -KRB5INT_DES_DEPRECATED; - -unsigned long KRB5_CALLCONV -des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out, - long length, int out_count, C_Block *seed) -KRB5INT_DES_DEPRECATED; - -/* - * XXX ABI change: used to return void; also, cns/kfm have signed long - * instead of unsigned long length. - */ -unsigned long KRB5_CALLCONV -des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long, - const des_key_schedule, const des_cblock *) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_string_to_key (const char *, C_Block) -KRB5INT_DES_DEPRECATED; - -void afs_string_to_key(char *, char *, des_cblock) -KRB5INT_DES_DEPRECATED; - -/* XXX ABI change: used to return krb5_error_code */ -int KRB5_CALLCONV des_read_password(des_cblock *, char *, int) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *, - const des_key_schedule, int) -KRB5INT_DES_DEPRECATED; - -/* XXX kfm/cns have signed long length */ -int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long, - const des_key_schedule, const des_cblock *, int) -KRB5INT_DES_DEPRECATED; - -void des_fixup_key_parity(des_cblock) -KRB5INT_DES_DEPRECATED; - -int des_check_key_parity(des_cblock) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_new_random_key(des_cblock) -KRB5INT_DES_DEPRECATED; - -void des_init_random_number_generator(des_cblock) -KRB5INT_DES_DEPRECATED; - -int des_random_key(des_cblock *) -KRB5INT_DES_DEPRECATED; - -int des_is_weak_key(des_cblock) -KRB5INT_DES_DEPRECATED; - -void des_cblock_print_file(des_cblock *, FILE *fp) -KRB5INT_DES_DEPRECATED; - - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB5INT_CRYPTO_DES_INT */ -#endif /* DES_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/kadm.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/kadm.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/kadm.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,194 +0,0 @@ -/* - * include/kerberosIV/kadm.h - * - * Copyright 1988, 1994, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Definitions for Kerberos administration server & client. These - * should be considered private; among other reasons, it leaks all - * over the namespace. - */ - -#ifndef KADM_DEFS -#define KADM_DEFS - -/* - * kadm.h - * Header file for the fourth attempt at an admin server - * Doug Church, December 28, 1989, MIT Project Athena - */ - -#include -#include "port-sockets.h" -#include -#include - -/* for those broken Unixes without this defined... should be in sys/param.h */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -/* The global structures for the client and server */ -typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in my_addr; - int my_addr_len; - int admin_fd; /* file descriptor for link to admin server */ - char sname[ANAME_SZ]; /* the service name */ - char sinst[INST_SZ]; /* the services instance */ - char krbrlm[REALM_SZ]; - /* KfM additions... */ - int default_port; - CREDENTIALS creds; /* The client's credentials (from krb_get_pw_in_tkt_creds)*/ -} Kadm_Client; - -typedef struct { /* status of the server, i.e the parameters */ - int inter; /* Space for command line flags */ - char *sysfile; /* filename of server */ -} admin_params; /* Well... it's the admin's parameters */ - -/* Largest password length to be supported */ -#define MAX_KPW_LEN 128 - -/* Largest packet the admin server will ever allow itself to return */ -#define KADM_RET_MAX 2048 - -/* That's right, versions are 8 byte strings */ -#define KADM_VERSTR "KADM0.0A" -#define KADM_ULOSE "KYOULOSE" /* sent back when server can't - decrypt client's msg */ -#define KADM_VERSIZE strlen(KADM_VERSTR) - -/* the lookups for the server instances */ -#define PWSERV_NAME "changepw" -#define KADM_SNAME "kerberos_master" -#define KADM_SINST "kerberos" - -/* Attributes fields constants and macros */ -#define ALLOC 2 -#define RESERVED 3 -#define DEALLOC 4 -#define DEACTIVATED 5 -#define ACTIVE 6 - -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - -typedef struct { - u_char fields[FLDSZ]; /* The active fields in this struct */ - char name[ANAME_SZ]; - char instance[INST_SZ]; - KRB_UINT32 key_low; - KRB_UINT32 key_high; - KRB_UINT32 exp_date; - unsigned short attributes; - unsigned char max_life; -} Kadm_vals; /* The basic values structure in Kadm */ - -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - -/* Need to define fields types here */ -#define KADM_NAME 31 -#define KADM_INST 30 -#define KADM_EXPDATE 29 -#define KADM_ATTR 28 -#define KADM_MAXLIFE 27 -#define KADM_DESKEY 26 - -/* To set a field entry f in a fields structure d */ -#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) - -/* To set a field entry f in a fields structure d */ -#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) - -/* Is field f in fields structure d */ -#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8))) - -/* Various return codes */ -#define KADM_SUCCESS 0 - -#define WILDCARD_STR "*" - -enum acl_types { -ADDACL, -GETACL, -MODACL, -STABACL, -DELACL -}; - -/* Various opcodes for the admin server's functions */ -#define CHANGE_PW 2 -#define ADD_ENT 3 -#define MOD_ENT 4 -#define GET_ENT 5 -#define CHECK_PW 6 -#define CHG_STAB 7 -/* Cygnus principal-deletion support */ -#define KADM_CYGNUS_EXT_BASE 64 -#define DEL_ENT (KADM_CYGNUS_EXT_BASE+1) - -#ifdef POSIX -typedef void sigtype; -#else -typedef int sigtype; -#endif - -/* Avoid stomping on namespace... */ - -#define vals_to_stream kadm_vals_to_stream -#define build_field_header kadm_build_field_header -#define vts_string kadm_vts_string -#define vts_short kadm_vts_short -#define vts_long kadm_vts_long -#define vts_char kadm_vts_char - -#define stream_to_vals kadm_stream_to_vals -#define check_field_header kadm_check_field_header -#define stv_string kadm_stv_string -#define stv_short kadm_stv_short -#define stv_long kadm_stv_long -#define stv_char kadm_stv_char - -int vals_to_stream(Kadm_vals *, u_char **); -int build_field_header(u_char *, u_char **); -int vts_string(char *, u_char **, int); -int vts_short(KRB_UINT32, u_char **, int); -int vts_long(KRB_UINT32, u_char **, int); -int vts_char(KRB_UINT32, u_char **, int); - -int stream_to_vals(u_char *, Kadm_vals *, int); -int check_field_header(u_char *, u_char *, int); -int stv_string(u_char *, char *, int, int, int); -int stv_short(u_char *, u_short *, int, int); -int stv_long(u_char *, KRB_UINT32 *, int, int); -int stv_char(u_char *, u_char *, int, int); - -int kadm_init_link(char *, char *, char *, Kadm_Client *, int); -int kadm_cli_send(Kadm_Client *, u_char *, size_t, u_char **, size_t *); -int kadm_cli_conn(Kadm_Client *); -void kadm_cli_disconn(Kadm_Client *); -int kadm_cli_out(Kadm_Client *, u_char *, int, u_char **, size_t *); -int kadm_cli_keyd(Kadm_Client *, des_cblock, des_key_schedule); - -#endif /* KADM_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/kdc.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/kdc.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/kdc.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,55 +0,0 @@ -/* - * include/kerberosIV/kdc.h - * - * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Kerberos Key Distribution Center. - */ - -#ifndef KDC_DEFS -#define KDC_DEFS - -#define S_AD_SZ sizeof(struct sockaddr_in) - -#ifdef notdef -#define max(a,b) (a>b ? a : b) -#define min(a,b) (a='0') && (CH<='7') ) -#define ISQUOTE(CH) ( (CH=='\"') || (CH=='\'') || (CH=='`') ) -#define ISWHITESPACE(C) ( (C==' ') || (C=='\t') ) -#define ISLINEFEED(C) ( (C=='\n') || (C=='\r') || (C=='\f') ) - -/* - * tokens consist of any printable charcacter except comma, equal, or - * whitespace - */ - -#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '=')) - -/* - * the parameter table defines the keywords that will be recognized by - * fGetParameterSet, and their default values if not specified. - */ - -typedef struct { - char *keyword; - char *defvalue; - char *value; -} parmtable; - -#define PARMCOUNT(P) (sizeof(P)/sizeof(P[0])) - -int fGetChar (FILE *fp); -int fGetParameterSet (FILE *fp, parmtable parm[], int parmcount); -int ParmCompare (parmtable parm[], int parmcount, char *keyword, char *value); - -void FreeParameterSet (parmtable parm[], int parmcount); - -int fGetKeywordValue (FILE *fp, char *keyword, int klen, char *value, int vlen); - -int fGetToken (FILE *fp, char *dest, int maxlen); - -int fGetLiteral (FILE *fp); - -int fUngetChar (int ch, FILE *fp); - -#endif /* KPARSE_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/krb.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/krb.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/krb.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,924 +0,0 @@ -/* - * include/kerberosIV/krb.h - * - * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Kerberos V4 library. - */ - -/* Only one time, please */ -#ifndef KRB_DEFS -#define KRB_DEFS - -/* - * For MacOS, don't expose prototypes of various private functions. - * Unfortuantely, they've leaked out everywhere else. - */ -#if defined(__MACH__) && defined(__APPLE__) -#include -#include -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#ifndef KRB_PRIVATE -#define KRB_PRIVATE 0 -#endif -#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) -#define KRB5INT_KRB4_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#else -#ifndef KRB_PRIVATE -#define KRB_PRIVATE 1 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to KRB4 types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. */ -#ifndef KRB5INT_KRB4_DEPRECATED -#define KRB5INT_KRB4_DEPRECATED -#endif - -/* Define u_char, u_short, u_int, and u_long. */ -/* XXX these typdef names are not standardized! */ -#include - -/* Need some defs from des.h */ -#include -#include -#include - -#ifdef _WIN32 -#include -#endif /* _WIN32 */ - -#ifdef __cplusplus -#ifndef KRBINT_BEGIN_DECLS -#define KRBINT_BEGIN_DECLS extern "C" { -#define KRBINT_END_DECLS } -#endif -#else -#define KRBINT_BEGIN_DECLS -#define KRBINT_END_DECLS -#endif -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -#define KRB4_32 DES_INT32 -#define KRB_INT32 DES_INT32 -#define KRB_UINT32 DES_UINT32 - -#define MAX_KRB_ERRORS 256 - -#if TARGET_OS_MAC -/* ABI divergence on Mac for backwards compatibility. */ -extern const char * const * const krb_err_txt -KRB5INT_KRB4_DEPRECATED; -#else -extern const char * const krb_err_txt[MAX_KRB_ERRORS] -KRB5INT_KRB4_DEPRECATED; -#endif - -/* General definitions */ -#define KSUCCESS 0 -#define KFAILURE 255 - -/* - * Kerberos specific definitions - * - * KRBLOG is the log file for the kerberos master server. KRB_CONF is - * the configuration file where different host machines running master - * and slave servers can be found. KRB_MASTER is the name of the - * machine with the master database. The admin_server runs on this - * machine, and all changes to the db (as opposed to read-only - * requests, which can go to slaves) must go to it. KRB_HOST is the - * default machine * when looking for a kerberos slave server. Other - * possibilities are * in the KRB_CONF file. KRB_REALM is the name of - * the realm. - */ - -#define KRB_CONF "/etc/krb.conf" -#define KRB_RLM_TRANS "/etc/krb.realms" -#define KRB_MASTER "kerberos" -#define KRB_HOST KRB_MASTER -#define KRB_REALM "ATHENA.MIT.EDU" - -/* The maximum sizes for aname, realm, sname, and instance +1 */ -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 -#define ADDR_SZ 40 -/* - * NB: This overcounts due to NULs. - */ -/* include space for '.' and '@' */ -#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) -#define KKEY_SZ 100 -#define VERSION_SZ 1 -#define MSG_TYPE_SZ 1 -#define DATE_SZ 26 /* RTI date output */ - -#define MAX_HSTNM 100 - -#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ -#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */ -#endif - -#define KRB_TICKET_GRANTING_TICKET "krbtgt" - -/* Definition of text structure used to pass text around */ -#define MAX_KTXT_LEN 1250 - -struct ktext { - int length; /* Length of the text */ - unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - unsigned long mbz; /* zero to catch runaway strings */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct ktext *KTEXT KRB5INT_KRB4_DEPRECATED; -typedef struct ktext KTEXT_ST KRB5INT_KRB4_DEPRECATED; - - -/* Definitions for send_to_kdc */ -#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ -#define CLIENT_KRB_RETRY 5 /* retry this many times */ -#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ - -/* Definitions for ticket file utilities */ -#define R_TKT_FIL 0 -#define W_TKT_FIL 1 - -/* Definitions for cl_get_tgt */ -#ifdef PC -#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts" -#else -#define CL_GTGT_INIT_FILE "/etc/k_in_tkts" -#endif /* PC */ - -/* Parameters for rd_ap_req */ -/* Maximum allowable clock skew in seconds */ -#define CLOCK_SKEW 5*60 -/* Filename for readservkey */ -#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab")) - -/* Structure definition for rd_ap_req */ - -struct auth_dat { - unsigned char k_flags; /* Flags from ticket */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* His Instance */ - char prealm[REALM_SZ]; /* His Realm */ - unsigned KRB4_32 checksum; /* Data checksum (opt) */ - C_Block session; /* Session Key */ - int life; /* Life of ticket */ - unsigned KRB4_32 time_sec; /* Time ticket issued */ - unsigned KRB4_32 address; /* Address in ticket */ - KTEXT_ST reply; /* Auth reply (opt) */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct auth_dat AUTH_DAT KRB5INT_KRB4_DEPRECATED; - -/* Structure definition for credentials returned by get_cred */ - -struct credentials { - char service[ANAME_SZ]; /* Service name */ - char instance[INST_SZ]; /* Instance */ - char realm[REALM_SZ]; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT_ST ticket_st; /* The ticket itself */ - KRB4_32 issue_date; /* The issue time */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* Principal's instance */ -#if TARGET_OS_MAC - KRB_UINT32 address; /* Address in ticket */ - KRB_UINT32 stk_type; /* string_to_key function needed */ -#endif -#ifdef _WIN32 - char address[ADDR_SZ]; /* Address in ticket */ -#endif -} KRB5INT_KRB4_DEPRECATED; - -typedef struct credentials CREDENTIALS KRB5INT_KRB4_DEPRECATED; - -/* Structure definition for rd_private_msg and rd_safe_msg */ - -struct msg_dat { - unsigned char *app_data; /* pointer to appl data */ - unsigned KRB4_32 app_length; /* length of appl data */ - unsigned KRB4_32 hash; /* hash to lookup replay */ - int swap; /* swap bytes? */ - KRB4_32 time_sec; /* msg timestamp seconds */ - unsigned char time_5ms; /* msg timestamp 5ms units */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct msg_dat MSG_DAT KRB5INT_KRB4_DEPRECATED; - - -/* Location of ticket file for save_cred and get_cred */ -#ifdef _WIN32 -#define TKT_FILE "\\kerberos\\ticket.ses" -#else -#define TKT_FILE tkt_string() -#define TKT_ROOT "/tmp/tkt" -#endif /* _WIN32 */ - -/* - * Error codes are now defined as offsets from com_err (krb_err.et) - * values. - */ -#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb) - -/* Error codes returned from the KDC */ -#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */ -#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */ -#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */ -#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */ -#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */ -#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */ -#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */ -#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */ -#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */ -#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */ -#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */ -#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */ - -/* Values returned by get_credentials */ -#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ -#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ -#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ -#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ -#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ -#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ - -/* Values returned by mk_ap_req */ -#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */ -#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */ - -/* Values returned by rd_ap_req */ -#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */ -#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */ -#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */ -#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */ -#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */ -#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */ -#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */ -#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */ -#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */ -#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */ -#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */ -#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */ -#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */ -#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */ - -/* Values returned by get_pw_tkt */ -#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */ -#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ -#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */ -#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */ -#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */ -#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */ - -/* Values returned by send_to_kdc */ -#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */ -#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */ -#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */ - -/* - * Values returned by get_intkt - * (can also return SKDC_* and KDC errors) - */ - -#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */ -#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ -#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */ -#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */ -#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */ -#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */ - -/* Values returned by get_adtkt */ -#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */ -#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */ - -/* Error codes returned by ticket file utilities */ -#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */ -#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */ -#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */ -#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */ -#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */ - -/* Error code returned by kparse_name */ -#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */ - -/* Error code returned by krb_mk_safe */ -#define SAFE_PRIV_ERROR (-1) /* syscall error */ - -/* Kerberos ticket flag field bit definitions */ -#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ -#define K_FLAG_1 /* reserved */ -#define K_FLAG_2 /* reserved */ -#define K_FLAG_3 /* reserved */ -#define K_FLAG_4 /* reserved */ -#define K_FLAG_5 /* reserved */ -#define K_FLAG_6 /* reserved */ -#define K_FLAG_7 /* reserved, bit 7 --> msb */ - -/* Are these needed anymore? */ -#ifdef OLDNAMES -#define krb_mk_req mk_ap_req -#define krb_rd_req rd_ap_req -#define krb_kntoln an_to_ln -#define krb_set_key set_serv_key -#define krb_get_cred get_credentials -#define krb_mk_priv mk_private_msg -#define krb_rd_priv rd_private_msg -#define krb_mk_safe mk_safe_msg -#define krb_rd_safe rd_safe_msg -#define krb_mk_err mk_appl_err_msg -#define krb_rd_err rd_appl_err_msg -#define krb_ck_repl check_replay -#define krb_get_pw_in_tkt get_in_tkt -#define krb_get_svc_in_tkt get_svc_in_tkt -#define krb_get_pw_tkt get_pw_tkt -#define krb_realmofhost krb_getrealm -#define krb_get_phost get_phost -#define krb_get_krbhst get_krbhst -#define krb_get_lrealm get_krbrlm -#endif /* OLDNAMES */ - -/* Defines for krb_sendauth and krb_recvauth */ - -#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ -#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ -#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */ - -#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ - -#ifdef ATHENA_COMPAT -#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */ -#endif /* ATHENA_COMPAT */ - - -#ifdef _WIN32 -#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0) -#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us)) -#define CONVERT_TIME_EPOCH win_time_get_epoch() -#else -/* until we do V4 compat under DOS, just turn this off */ -#define _fmemcpy memcpy -#define _fstrncpy strncpy -#define far_fputs fputs -/* and likewise, just drag in the unix time interface */ -#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0) -#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us)) -#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */ -#endif /* _WIN32 */ - -/* Constants for KerberosProfileLib */ -#define REALMS_V4_PROF_REALMS_SECTION "v4 realms" -#define REALMS_V4_PROF_KDC "kdc" -#define REALMS_V4_PROF_ADMIN_KDC "admin_server" -#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server" -#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm" -#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults" -#define REALMS_V4_PROF_LOCAL_REALM "default_realm" -#define REALMS_V4_PROF_STK "string_to_key_type" -#define REALMS_V4_MIT_STK "mit_string_to_key" -#define REALMS_V4_AFS_STK "afs_string_to_key" -#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key" -#define REALMS_V4_DEFAULT_REALM "default_realm" -#define REALMS_V4_NO_ADDRESSES "noaddresses" - -/* ask to disable IP address checking in the library */ -extern int krb_ignore_ip_address; - -/* Debugging printfs shouldn't even be compiled on many systems that don't - support printf! Use it like DEB (("Oops - %s\n", string)); */ - -#ifdef DEBUG -#define DEB(x) if (krb_debug) printf x -extern int krb_debug; -#else -#define DEB(x) /* nothing */ -#endif - -/* Define a couple of function types including parameters. These - are needed on MS-Windows to convert arguments of the function pointers - to the proper types during calls. */ - -typedef int (KRB5_CALLCONV *key_proc_type) - (char *, char *, char *, - char *, C_Block) -KRB5INT_KRB4_DEPRECATED; - -#define KEY_PROC_TYPE_DEFINED - -typedef int (KRB5_CALLCONV *decrypt_tkt_type) - (char *, char *, char *, - char *, key_proc_type, KTEXT *) -KRB5INT_KRB4_DEPRECATED; - -#define DECRYPT_TKT_TYPE_DEFINED - -extern struct _krb5_context * krb5__krb4_context; - -/* - * Function Prototypes for Kerberos V4. - */ - -struct sockaddr_in; - -/* dest_tkt.c */ -int KRB5_CALLCONV dest_tkt - (void) -KRB5INT_KRB4_DEPRECATED; - -/* err_txt.c */ -const char * KRB5_CALLCONV krb_get_err_text - (int errnum) -KRB5INT_KRB4_DEPRECATED; - -/* g_ad_tkt.c */ -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV get_ad_tkt - (char *service, char *sinst, char *realm, int lifetime) -KRB5INT_KRB4_DEPRECATED; - -/* g_admhst.c */ -int KRB5_CALLCONV krb_get_admhst - (char *host, char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_cred.c */ -int KRB5_CALLCONV krb_get_cred - (char *service, char *instance, char *realm, - CREDENTIALS *c) -KRB5INT_KRB4_DEPRECATED; - -/* g_in_tkt.c */ -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV krb_get_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinst, int life, - key_proc_type, decrypt_tkt_type, char *arg) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV krb_get_in_tkt_preauth - (char *k_user, char *instance, char *realm, - char *service, char *sinst, int life, - key_proc_type, decrypt_tkt_type, char *arg, - char *preauth_p, int preauth_len) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* From KfM */ -int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *, - int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *) -KRB5INT_KRB4_DEPRECATED; - - -/* g_krbhst.c */ -int KRB5_CALLCONV krb_get_krbhst - (char *host, const char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_krbrlm.c */ -int KRB5_CALLCONV krb_get_lrealm - (char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_phost.c */ -char * KRB5_CALLCONV krb_get_phost - (char * alias) -KRB5INT_KRB4_DEPRECATED; - -/* get_pw_tkt */ -int KRB5_CALLCONV get_pw_tkt - (char *, char *, char *, char *) -KRB5INT_KRB4_DEPRECATED; - -/* g_pw_in_tkt.c */ -int KRB5_CALLCONV krb_get_pw_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *password) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -int KRB5_CALLCONV krb_get_pw_in_tkt_preauth - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *password) -KRB5INT_KRB4_DEPRECATED; -#endif - -int KRB5_CALLCONV -krb_get_pw_in_tkt_creds(char *, char *, char *, - char *, char *, int, char *, CREDENTIALS *) -KRB5INT_KRB4_DEPRECATED; - -/* g_svc_in_tkt.c */ -int KRB5_CALLCONV krb_get_svc_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *srvtab) -KRB5INT_KRB4_DEPRECATED; - -/* g_tf_fname.c */ -int KRB5_CALLCONV krb_get_tf_fullname - (const char *ticket_file, char *name, char *inst, char *realm) -KRB5INT_KRB4_DEPRECATED; - -/* g_tf_realm.c */ -int KRB5_CALLCONV krb_get_tf_realm - (const char *ticket_file, char *realm) -KRB5INT_KRB4_DEPRECATED; - -/* g_tkt_svc.c */ -int KRB5_CALLCONV krb_get_ticket_for_service - (char *serviceName, - char *buf, unsigned KRB4_32 *buflen, - int checksum, des_cblock, Key_schedule, - char *version, int includeVersion) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* in_tkt.c */ -int KRB5_CALLCONV in_tkt - (char *name, char *inst) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_in_tkt - (char *pname, char *pinst, char *realm) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* kname_parse.c */ -int KRB5_CALLCONV kname_parse - (char *name, char *inst, char *realm, - char *fullname) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV kname_unparse - (char *, const char *, const char *, const char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isname - (char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isinst - (char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isrealm - (char *) -KRB5INT_KRB4_DEPRECATED; - - -/* kuserok.c */ -int KRB5_CALLCONV kuserok - (AUTH_DAT *kdata, char *luser) -KRB5INT_KRB4_DEPRECATED; - -/* lifetime.c */ -KRB4_32 KRB5_CALLCONV krb_life_to_time - (KRB4_32 start, int life) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_time_to_life - (KRB4_32 start, KRB4_32 end) -KRB5INT_KRB4_DEPRECATED; - -/* mk_auth.c */ -int KRB5_CALLCONV krb_check_auth - (KTEXT, unsigned KRB4_32 cksum, MSG_DAT *, - C_Block, Key_schedule, - struct sockaddr_in * local_addr, - struct sockaddr_in * foreign_addr) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_mk_auth - (long k4_options, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, char *version, KTEXT buf) -KRB5INT_KRB4_DEPRECATED; - -/* mk_err.c */ -long KRB5_CALLCONV krb_mk_err - (u_char *out, KRB4_32 k4_code, char *text) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* mk_preauth.c */ -int krb_mk_preauth - (char **preauth_p, int *preauth_len, key_proc_type, - char *name, char *inst, char *realm, char *password, - C_Block) -KRB5INT_KRB4_DEPRECATED; - -void krb_free_preauth - (char * preauth_p, int len) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* mk_priv.c */ -long KRB5_CALLCONV krb_mk_priv - (u_char *in, u_char *out, - unsigned KRB4_32 length, - Key_schedule, C_Block *, - struct sockaddr_in * sender, - struct sockaddr_in * receiver) -KRB5INT_KRB4_DEPRECATED; - -/* mk_req.c */ -int KRB5_CALLCONV krb_mk_req - (KTEXT authent, - char *service, char *instance, char *realm, - KRB4_32 checksum) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32) -KRB5INT_KRB4_DEPRECATED; - -/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */ -int KRB5_CALLCONV krb_set_lifetime(int newval) -KRB5INT_KRB4_DEPRECATED; - -/* mk_safe.c */ -long KRB5_CALLCONV krb_mk_safe - (u_char *in, u_char *out, unsigned KRB4_32 length, - C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* netread.c */ -int krb_net_read - (int fd, char *buf, int len) -KRB5INT_KRB4_DEPRECATED; - -/* netwrite.c */ -int krb_net_write - (int fd, char *buf, int len) -KRB5INT_KRB4_DEPRECATED; - -/* pkt_clen.c */ -int pkt_clen - (KTEXT) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* put_svc_key.c */ -int KRB5_CALLCONV put_svc_key - (char *sfile, - char *name, char *inst, char *realm, - int newvno, char *key) -KRB5INT_KRB4_DEPRECATED; - -/* rd_err.c */ -int KRB5_CALLCONV krb_rd_err - (u_char *in, u_long in_length, - long *k4_code, MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_priv.c */ -long KRB5_CALLCONV krb_rd_priv - (u_char *in,unsigned KRB4_32 in_length, - Key_schedule, C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver, - MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_req.c */ -int KRB5_CALLCONV krb_rd_req - (KTEXT, char *service, char *inst, - unsigned KRB4_32 from_addr, AUTH_DAT *, - char *srvtab) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV -krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block) -KRB5INT_KRB4_DEPRECATED; - -/* rd_safe.c */ -long KRB5_CALLCONV krb_rd_safe - (u_char *in, unsigned KRB4_32 in_length, - C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver, - MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_svc_key.c */ -int KRB5_CALLCONV read_service_key - (char *service, char *instance, char *realm, - int kvno, char *file, char *key) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV get_service_key - (char *service, char *instance, char *realm, - int *kvno, char *file, char *key) -KRB5INT_KRB4_DEPRECATED; - -/* realmofhost.c */ -char * KRB5_CALLCONV krb_realmofhost - (char *host) -KRB5INT_KRB4_DEPRECATED; - -/* recvauth.c */ -int KRB5_CALLCONV krb_recvauth - (long k4_options, int fd, KTEXT ticket, - char *service, char *instance, - struct sockaddr_in *foreign_addr, - struct sockaddr_in *local_addr, - AUTH_DAT *kdata, char *srvtab, - Key_schedule schedule, char *version) -KRB5INT_KRB4_DEPRECATED; - -/* sendauth.c */ -int KRB5_CALLCONV krb_sendauth - (long k4_options, int fd, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, MSG_DAT *msg_data, - CREDENTIALS *cred, Key_schedule schedule, - struct sockaddr_in *laddr, struct sockaddr_in *faddr, - char *version) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* save_creds.c */ -int KRB5_CALLCONV krb_save_credentials - (char *service, char *instance, char *realm, - C_Block session, int lifetime, int kvno, - KTEXT ticket, long issue_date) -KRB5INT_KRB4_DEPRECATED; - -/* send_to_kdc.c */ -/* XXX PRIVATE? KfM doesn't export. */ -int send_to_kdc - (KTEXT pkt, KTEXT rpkt, char *realm) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* tkt_string.c */ -/* Used to return pointer to non-const char */ -const char * KRB5_CALLCONV tkt_string - (void) -KRB5INT_KRB4_DEPRECATED; - -/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */ -void KRB5_CALLCONV krb_set_tkt_string - (const char *) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* tf_util.c */ -int KRB5_CALLCONV tf_init (const char *tf_name, int rw) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_pname (char *p) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_pinst (char *p) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c) -KRB5INT_KRB4_DEPRECATED; - -void KRB5_CALLCONV tf_close (void) -KRB5INT_KRB4_DEPRECATED; -#endif - -#if KRB_PRIVATE -/* unix_time.c */ -unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec - (unsigned KRB4_32 *) -KRB5INT_KRB4_DEPRECATED; - -/* - * Internal prototypes - */ -extern int krb_set_key - (char *key, int cvt) -KRB5INT_KRB4_DEPRECATED; - -/* This is exported by KfM. It was previously not KRB5_CALLCONV. */ -extern int KRB5_CALLCONV decomp_ticket - (KTEXT tkt, unsigned char *flags, char *pname, - char *pinstance, char *prealm, unsigned KRB4_32 *paddress, - C_Block session, int *life, unsigned KRB4_32 *time_sec, - char *sname, char *sinstance, C_Block, - Key_schedule key_s) -KRB5INT_KRB4_DEPRECATED; - - -extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, - u_long time_ws, u_long e, char *e_string) -KRB5INT_KRB4_DEPRECATED; - -extern int create_ciph(KTEXT c, C_Block session, char *service, - char *instance, char *realm, unsigned long life, - int kvno, KTEXT tkt, unsigned long kdc_time, - C_Block key) -KRB5INT_KRB4_DEPRECATED; - - -extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance, C_Block key) -KRB5INT_KRB4_DEPRECATED; - -#endif /* KRB_PRIVATE */ - -/* This function is used by KEYFILE above. Do not call it directly */ -extern char * krb__get_srvtabname(const char *) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE - -extern int krb_kntoln(AUTH_DAT *, char *) -KRB5INT_KRB4_DEPRECATED; - -#ifdef KRB5_GENERAL__ -extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance, - krb5_keyblock *k5key) -KRB5INT_KRB4_DEPRECATED; - -extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key) -KRB5INT_KRB4_DEPRECATED; - -#endif - -#endif /* KRB_PRIVATE */ - -/* - * krb_change_password -- merged from KfM - */ -/* change_password.c */ -int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *) -KRB5INT_KRB4_DEPRECATED; - -/* - * RealmsConfig-glue.c -- merged from KfM - */ -int KRB5_CALLCONV krb_get_profile(profile_t *) -KRB5INT_KRB4_DEPRECATED; - -#ifdef _WIN32 -HINSTANCE get_lib_instance(void) -KRB5INT_KRB4_DEPRECATED; -unsigned int krb_get_notification_message(void) -KRB5INT_KRB4_DEPRECATED; -char * KRB5_CALLCONV krb_get_default_user(void) -KRB5INT_KRB4_DEPRECATED; -int KRB5_CALLCONV krb_set_default_user(char *) -KRB5INT_KRB4_DEPRECATED; -unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *) -KRB5INT_KRB4_DEPRECATED; -long win_time_get_epoch(void) -KRB5INT_KRB4_DEPRECATED; -#endif - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/krb_db.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/krb_db.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/krb_db.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,119 +0,0 @@ -/* - * include/kerberosIV/krb_db.h - * - * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * spm Project Athena 8/85 - * - * This file defines data structures for the kerberos - * authentication/authorization database. - * - * They MUST correspond to those defined in *.rel - */ - -#ifndef KRB_DB_DEFS -#define KRB_DB_DEFS - -#define KERB_M_NAME "K" /* Kerberos */ -#define KERB_M_INST "M" /* Master */ -#define KERB_DEFAULT_NAME "default" -#define KERB_DEFAULT_INST "" -#define DBM_FILE "/kerberos/principal" - -/* this also defines the number of queue headers */ -#define KERB_DB_HASH_MODULO 64 - - -/* Arguments to kerb_dbl_lock() */ - -#define KERB_DBL_EXCLUSIVE 1 -#define KERB_DBL_SHARED 0 - -/* arguments to kerb_db_set_lockmode() */ - -#define KERB_DBL_BLOCKING 0 -#define KERB_DBL_NONBLOCKING 1 - -/* Principal defines the structure of a principal's name */ - -typedef struct { - char name[ANAME_SZ]; - char instance[INST_SZ]; - - unsigned long key_low; - unsigned long key_high; - unsigned long exp_date; - char exp_date_txt[DATE_SZ]; - unsigned long mod_date; - char mod_date_txt[DATE_SZ]; - unsigned short attributes; - unsigned char max_life; - unsigned char kdc_key_ver; - unsigned char key_version; - - char mod_name[ANAME_SZ]; - char mod_instance[INST_SZ]; - char *old; /* cast to (Principal *); not in db, - * ptr to old vals */ -} - Principal; - -typedef struct { - long cpu; - long elapsed; - long dio; - long pfault; - long t_stamp; - long n_retrieve; - long n_replace; - long n_append; - long n_get_stat; - long n_put_stat; -} - DB_stat; - -/* Dba defines the structure of a database administrator */ - -typedef struct { - char name[ANAME_SZ]; - char instance[INST_SZ]; - unsigned short attributes; - unsigned long exp_date; - char exp_date_txt[DATE_SZ]; - char *old; /* - * cast to (Dba *); not in db, ptr to - * old vals - */ -} - Dba; - -#if 0 -extern int kerb_get_principal(); -extern int kerb_put_principal(); -extern int kerb_db_get_stat(); -extern int kerb_db_put_stat(); -extern int kerb_get_dba(); -extern int kerb_db_get_dba(); -#endif - -#endif /* KRB_DB_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/krbports.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/krbports.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/krbports.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,27 +0,0 @@ -/* krbports.h -- fallback port numbers in case /etc/services isn't changed */ -/* used by: appl/bsd/rcp.c, rlogin.c, rsh.c, knetd.c - kadmin/kadm_ser_wrap.c, lib/kadm/kadm_cli_wrap.c - lib/krb/send_to_kdc.c - movemail/movemail.c, pfrom/popmail.c - server/kerberos.c, slave/kprop.c, kpropd.c -*/ - -#define KRB_SHELL_PORT 544 -#define UCB_SHELL_PORT 514 - -#define KLOGIN_PORT 543 -#define EKLOGIN_PORT 2105 -#define UCB_LOGIN_PORT 513 - -#define KADM_PORT 751 -#define KERBEROS_PORT 750 -#define KERBEROS_SEC_PORT 88 -#define KRB_PROP_PORT 754 - -#define KPOP_PORT 1109 -#define POP3_PORT 110 - -#define KNETD_PORT 2053 - -/* already in rkinit_private.h */ -#define RKINIT_PORT 2108 Deleted: branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,47 +0,0 @@ -/* - * include/kerberosIV/lsb_addr_cmp.h - * - * Copyright 1988, 1995 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Comparison macros to emulate LSBFIRST comparison results of network - * byte-order quantities - */ - -#include "mit-copyright.h" -#ifndef LSB_ADDR_COMP_DEFS -#define LSB_ADDR_COMP_DEFS - -/* #include "osconf.h" */ - -/* note that if we don't explicitly know if we're LSBFIRST, the - alternate code is byte order independent and will give the - right answer. */ -#ifdef LSBFIRST -#define lsb_net_ulong_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) -#define lsb_net_ushort_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) -#else -/* MSBFIRST */ -#define u_char_comp(x,y) \ - (((x)>(y))?(1):(((x)==(y))?(0):(-1))) -/* This is gross, but... */ -#define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y) -#define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y) - -#define long_less_than(x,y) \ - (u_char_comp((x)[3],(y)[3])?u_char_comp((x)[3],(y)[3]): \ - (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \ - (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \ - (u_char_comp((x)[0],(y)[0]))))) -#define short_less_than(x,y) \ - (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \ - (u_char_comp((x)[0],(y)[0]))) - -#endif /* LSBFIRST */ - -/* For krb4 library internal use only. */ -extern int krb4int_address_less (struct sockaddr_in *, struct sockaddr_in *); - -#endif /* LSB_ADDR_COMP_DEFS */ Deleted: branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,23 +0,0 @@ -/* - Copyright (C) 1989 by the Massachusetts Institute of Technology - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, Permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. Furthermore if you modify this software you must label -your software as modified software and not distribute it in such a -fashion that it might be confused with the original M.I.T. software. -M.I.T. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty. - - */ Deleted: branches/mskrb-integ/src/include/kerberosIV/prot.h =================================================================== --- branches/mskrb-integ/src/include/kerberosIV/prot.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/include/kerberosIV/prot.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,277 +0,0 @@ -/* - * include/kerberosIV/prot.h - * - * Copyright 1985-1994, 2001 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Prototypes for internal functions, mostly related to protocol - * encoding and decoding. - */ - -#ifndef PROT_DEFS -#define PROT_DEFS - -#define KRB_PORT 750 /* PC's don't have - * /etc/services */ -#define KRB_PROT_VERSION 4 -#define MAX_PKT_LEN 1000 -#define MAX_TXT_LEN 1000 - -/* Macro's to obtain various fields from a packet */ - -#define pkt_version(packet) (unsigned int) *(packet->dat) -#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) -#define pkt_a_name(packet) (packet->dat+2) -#define pkt_a_inst(packet) \ - (packet->dat+3+strlen((char *)pkt_a_name(packet))) -#define pkt_a_realm(packet) \ - (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) - -/* Macro to obtain realm from application request */ -#define apreq_realm(auth) (auth->dat + 3) - -#define pkt_time_ws(packet) (char *) \ - (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) - -#define pkt_no_req(packet) (unsigned short) \ - *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) -#define pkt_x_date(packet) (char *) \ - (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) -#define pkt_err_code(packet) ( (char *) \ - (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet)))) -#define pkt_err_text(packet) \ - (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) - -/* - * This remains here for the KDC to use for now, but will go away - * soon. - */ - -#define swap_u_long(x) {\ - unsigned KRB4_32 _krb_swap_tmp[4];\ - swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ - x = _krb_swap_tmp[0]; \ - } - -/* - * New byte swapping routines, much cleaner. - * - * Should also go away soon though. - */ -#include "k5-platform.h" - -#ifdef SWAP16 -#define krb4_swab16(val) SWAP16(val) -#else -#define krb4_swab16(val) ((((val) >> 8)&0xFF) | ((val) << 8)) -#endif -#ifdef SWAP32 -#define krb4_swap32(val) SWAP32(val) -#else -#define krb4_swab32(val) ((((val)>>24)&0xFF) | (((val)>>8)&0xFF00) | \ - (((val)<<8)&0xFF0000) | ((val)<<24)) -#endif - -/* - * Macros to encode integers into buffers. These take a parameter - * that is a moving pointer of type (unsigned char *) into the buffer, - * and assume that the caller has already bounds-checked. - */ -#define KRB4_PUT32BE(p, val) (store_32_be(val, p), (p) += 4) -#define KRB4_PUT32LE(p, val) (store_32_le(val, p), (p) += 4) -#define KRB4_PUT32(p, val, le) \ -do { \ - if (le) \ - KRB4_PUT32LE((p), (val)); \ - else \ - KRB4_PUT32BE((p), (val)); \ -} while (0) - -#define KRB4_PUT16BE(p, val) (store_16_be(val, p), (p) += 2) -#define KRB4_PUT16LE(p, val) (store_16_le(val, p), (p) += 2) -#define KRB4_PUT16(p, val, le) \ -do { \ - if (le) \ - KRB4_PUT16LE((p), (val)); \ - else \ - KRB4_PUT16BE((p), (val)); \ -} while (0) - -/* - * Macros to get integers from a buffer. These take a parameter that - * is a moving pointer of type (unsigned char *) into the buffer, and - * assume that the caller has already bounds-checked. In addition, - * they assume that val is an unsigned type; ANSI leaves the semantics - * of unsigned -> signed conversion as implementation-defined, so it's - * unwise to depend on such. - */ -#define KRB4_GET32BE(val, p) ((val) = load_32_be(p), (p) += 4) -#define KRB4_GET32LE(val, p) ((val) = load_32_le(p), (p) += 4) -#define KRB4_GET32(val, p, le) \ -do { \ - if (le) \ - KRB4_GET32LE((val), (p)); \ - else \ - KRB4_GET32BE((val), (p)); \ -} while (0) - -#define KRB4_GET16BE(val, p) ((val) = load_16_be(p), (p) += 2) -#define KRB4_GET16LE(val, p) ((val) = load_16_le(p), (p) += 2) -#define KRB4_GET16(val, p, le) \ -do { \ - if (le) \ - KRB4_GET16LE((val), (p)); \ - else \ - KRB4_GET16BE((val), (p)); \ -} while (0) - -/* Routines to create and read packets may be found in prot.c */ - -KTEXT create_auth_reply(char *, char *, char *, long, int, - unsigned long, int, KTEXT); -KTEXT create_death_packet(char *); -KTEXT pkt_cipher(KTEXT); - -/* getst.c */ -int krb4int_getst(int, char *, int); - -/* strnlen.c */ -extern int KRB5_CALLCONV krb4int_strnlen(const char *, int); - -/* prot_client.c */ -extern int KRB5_CALLCONV krb4prot_encode_kdc_request( - char *, char *, char *, - KRB4_32, int, - char *, char *, - char *, int, int, int, - KTEXT); -extern int KRB5_CALLCONV krb4prot_decode_kdc_reply( - KTEXT, - int *, - char *, char *, char *, - long *, int *, unsigned long *, int *, KTEXT); -extern int KRB5_CALLCONV krb4prot_decode_ciph( - KTEXT, int, - C_Block, - char *, char *, char *, - int *, int *, KTEXT, unsigned long *); -extern int KRB5_CALLCONV krb4prot_encode_apreq( - int, char *, - KTEXT, KTEXT, - int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_encode_authent( - char *, char *, char *, - KRB4_32, - int, long, - int, int le, - KTEXT pkt); -extern int KRB5_CALLCONV krb4prot_decode_error( - KTEXT, int *, - char *, char *, char *, - unsigned long *, unsigned long *, char *); - -/* prot_common.c */ -extern int KRB5_CALLCONV krb4prot_encode_naminstrlm( - char *, char *, char *, - int, KTEXT, unsigned char **); -extern int KRB5_CALLCONV krb4prot_decode_naminstrlm( - KTEXT, unsigned char **, - char *, char *, char *); -extern int KRB5_CALLCONV krb4prot_decode_header( - KTEXT, int *, int *, int *); - -/* prot_kdc.c */ -extern int KRB5_CALLCONV krb4prot_encode_kdc_reply( - char *, char *, char *, - long, int, unsigned long, - int, KTEXT, int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_encode_ciph( - C_Block, - char *, char *, char *, - unsigned long, int, KTEXT, unsigned long, - int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_encode_tkt( - unsigned int, - char *, char *, char *, - unsigned long, - char *, int, long, - char *, char *, - int, int, KTEXT tkt); -extern int KRB5_CALLCONV krb4prot_encode_err_reply( - char *, char *, char *, - unsigned long, unsigned long, char *, - int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_decode_kdc_request( - KTEXT, - int *, char *, char *, char *, - long *, int *, char *sname, char *sinst); - -/* Message types , always leave lsb for byte order */ - -#define AUTH_MSG_KDC_REQUEST 1<<1 -#define AUTH_MSG_KDC_REPLY 2<<1 -#define AUTH_MSG_APPL_REQUEST 3<<1 -#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 -#define AUTH_MSG_ERR_REPLY 5<<1 -#define AUTH_MSG_PRIVATE 6<<1 -#define AUTH_MSG_SAFE 7<<1 -#define AUTH_MSG_APPL_ERR 8<<1 -#define AUTH_MSG_DIE 63<<1 - -/* values for kerb error codes */ - -#define KERB_ERR_OK 0 -#define KERB_ERR_NAME_EXP 1 -#define KERB_ERR_SERVICE_EXP 2 -#define KERB_ERR_AUTH_EXP 3 -#define KERB_ERR_PKT_VER 4 -#define KERB_ERR_NAME_MAST_KEY_VER 5 -#define KERB_ERR_SERV_MAST_KEY_VER 6 -#define KERB_ERR_BYTE_ORDER 7 -#define KERB_ERR_PRINCIPAL_UNKNOWN 8 -#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 -#define KERB_ERR_NULL_KEY 10 -/* Cygnus extensions for Preauthentication */ -#define KERB_ERR_PREAUTH_SHORT 11 -#define KERB_ERR_PREAUTH_MISMATCH 12 - -/* Return codes from krb4prot_ encoders/decoders */ - -#define KRB4PROT_OK 0 -#define KRB4PROT_ERR_UNDERRUN 1 -#define KRB4PROT_ERR_OVERRUN 2 -#define KRB4PROT_ERR_PROT_VERS 3 -#define KRB4PROT_ERR_MSG_TYPE 4 -#define KRB4PROT_ERR_GENERIC 255 - -#endif /* PROT_DEFS */ Modified: branches/mskrb-integ/src/kadmin/cli/kadmin.c =================================================================== --- branches/mskrb-integ/src/kadmin/cli/kadmin.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/cli/kadmin.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -536,7 +536,7 @@ krb5_defkeyname = DEFAULT_KEYTAB; } - if ((retval = kadm5_init_iprop(handle)) != 0) { + if ((retval = kadm5_init_iprop(handle, 0)) != 0) { com_err(whoami, retval, _("while mapping update log")); exit(1); } Modified: branches/mskrb-integ/src/kadmin/dbutil/Makefile.in =================================================================== --- branches/mskrb-integ/src/kadmin/dbutil/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/dbutil/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -2,10 +2,9 @@ myfulldir=kadmin/dbutil mydir=kadmin/dbutil BUILDTOP=$(REL)..$(S).. -DEFINES = -DKDB4_DISABLE DEFS= -LOCALINCLUDES = -I. @KRB4_INCLUDES@ -PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) +LOCALINCLUDES = -I. +PROG_LIBPATH=-L$(TOPLIBD) $(KRB5_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) @@ -17,8 +16,8 @@ all:: $(PROG) -$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) +$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) import_err.c import_err.h: $(srcdir)/import_err.et Modified: branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c =================================================================== --- branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -281,9 +281,9 @@ /* } */ if (log_ctx && log_ctx->iproprole) { - if (retval = ulog_map(util_context, global_params.iprop_logfile, - global_params.iprop_ulogsize, FKCOMMAND, - db5util_db_args)) { + if ((retval = ulog_map(util_context, global_params.iprop_logfile, + global_params.iprop_ulogsize, FKCOMMAND, + db5util_db_args))) { com_err(argv[0], retval, _("while creating update log")); exit_status++; Modified: branches/mskrb-integ/src/kadmin/server/ipropd_svc.c =================================================================== --- branches/mskrb-integ/src/kadmin/server/ipropd_svc.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/server/ipropd_svc.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -31,8 +31,6 @@ extern gss_name_t rqst2name(struct svc_req *rqstp); -extern int setup_gss_names(struct svc_req *, gss_buffer_desc *, - gss_buffer_desc *); extern void *global_server_handle; extern int nofork; extern short l_port; Modified: branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c =================================================================== --- branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -25,8 +25,6 @@ static int check_rpcsec_auth(struct svc_req *); -void log_badauth(OM_uint32 major, OM_uint32 minor, - struct sockaddr_in *addr, char *data); /* * Function: kadm_1 * Modified: branches/mskrb-integ/src/kadmin/server/misc.h =================================================================== --- branches/mskrb-integ/src/kadmin/server/misc.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/server/misc.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -11,6 +11,15 @@ krb5_ui_4 port; } krb5_fulladdr; +void +log_badauth(OM_uint32 major, OM_uint32 minor, + struct sockaddr_in *addr, char *data); + +int +setup_gss_names(struct svc_req *, gss_buffer_desc *, + gss_buffer_desc *); + + kadm5_ret_t chpass_principal_wrapper_3(void *server_handle, krb5_principal principal, @@ -61,6 +70,7 @@ gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name, krb5_principal *princ, gss_buffer_t gss_str); +<<<<<<< HEAD:src/kadmin/server/misc.h extern volatile int signal_request_exit; extern volatile int signal_request_hup; @@ -75,3 +85,13 @@ krb5_error_code closedown_network(void *handle, const char *prog); #endif /* _MISC_H */ +======= +void +krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp); + +kadm5_ret_t +kiprop_get_adm_host_srv_name(krb5_context, + const char *, + char **); + +>>>>>>> trunk:src/kadmin/server/misc.h Modified: branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c =================================================================== --- branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -122,12 +122,6 @@ void kadm5_set_use_password_server (void); #endif -extern void krb5_iprop_prog_1(); -extern kadm5_ret_t kiprop_get_adm_host_srv_name( - krb5_context, - const char *, - char **); - /* * Function: usage * Modified: branches/mskrb-integ/src/kdc/do_as_req.c =================================================================== --- branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -110,13 +110,11 @@ register int i; krb5_timestamp until, rtime; char *cname = 0, *sname = 0; - const char *fromstring = 0; unsigned int c_flags = 0, s_flags = 0; krb5_principal_data client_princ; - char ktypestr[128]; - char rep_etypestr[128]; - char fromstringbuf[70]; void *pa_context = NULL; + int did_log = 0; + const char *emsg = 0; #if APPLE_PKINIT asReqDebug("process_as_req top realm %s name %s\n", @@ -133,15 +131,6 @@ session_key.contents = 0; enc_tkt_reply.authorization_data = NULL; - ktypes2str(ktypestr, sizeof(ktypestr), - request->nktypes, request->ktype); - - fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; - if (!request->client) { status = "NULL_CLIENT"; errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; @@ -564,14 +553,8 @@ memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length); free(reply.enc_part.ciphertext.data); - rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply); - krb5_klog_syslog(LOG_INFO, - "AS_REQ (%s) %s: ISSUE: authtime %d, " - "%s, %s for %s", - ktypestr, - fromstring, authtime, - rep_etypestr, - cname, sname); + log_as_req(from, request, &reply, cname, sname, authtime, 0, 0, 0); + did_log = 1; #ifdef KRBCONF_KDC_MODIFIES_KDB /* @@ -582,33 +565,31 @@ #endif /* KRBCONF_KDC_MODIFIES_KDB */ update_client = 1; + goto egress; + errout: + assert (status != 0); + /* fall through */ + +egress: if (update_client) { audit_as_request(request, &client, &server, authtime, errcode); } + if (pa_context) free_padata_context(kdc_context, &pa_context); - if (status) { - const char * emsg = 0; - if (errcode) - emsg = krb5_get_error_message (kdc_context, errcode); + if (errcode) + emsg = krb5_get_error_message(kdc_context, errcode); - krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s", - ktypestr, - fromstring, status, - cname ? cname : "", - sname ? sname : "", - errcode ? ", " : "", - errcode ? emsg : ""); - if (errcode) - krb5_free_error_message (kdc_context, emsg); + if (status) { + log_as_req(from, request, &reply, cname, sname, 0, + status, errcode, emsg); + did_log = 1; } if (errcode) { - int got_err = 0; if (status == 0) { - status = krb5_get_error_message (kdc_context, errcode); - got_err = 1; + status = emsg; } errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > 128) @@ -617,11 +598,10 @@ errcode = prepare_error_as(request, errcode, &e_data, c_nprincs ? client.princ : NULL, response, status); - if (got_err) { - krb5_free_error_message (kdc_context, status); - status = 0; - } + status = 0; } + if (emsg) + krb5_free_error_message(kdc_context, emsg); if (enc_tkt_reply.authorization_data != NULL) krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data); @@ -665,7 +645,7 @@ } krb5_free_data_contents(kdc_context, &e_data); - + assert(did_log != 0); return errcode; } Modified: branches/mskrb-integ/src/kdc/do_tgs_req.c =================================================================== --- branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,7 +1,7 @@ /* * kdc/do_tgs_req.c * - * Copyright 1990,1991,2001,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2001,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -76,7 +76,7 @@ krb5_boolean *, int *); static krb5_error_code prepare_error_tgs (krb5_kdc_req *, krb5_ticket *, - int, const char *, krb5_principal, + int, krb5_principal, krb5_data **, const char *); /*ARGSUSED*/ @@ -102,8 +102,7 @@ krb5_timestamp until, rtime; krb5_keyblock encrypting_key; krb5_key_data *server_key; - char *cname = 0, *sname = 0, *tmp = 0; - const char *fromstring = 0; + char *cname = 0, *sname = 0, *altcname = 0; krb5_last_req_entry *nolrarray[2], nolrentry; /* krb5_address *noaddrarray[1]; */ krb5_enctype useenctype; @@ -111,9 +110,6 @@ register int i; int firstpass = 1; const char *status = 0; - char ktypestr[128]; - char rep_etypestr[128]; - char fromstringbuf[70]; krb5_enc_tkt_part *header_enc_tkt = NULL; /* ticket granting or evidence ticket */ krb5_db_entry client, krbtgt; int c_nprincs = 0, k_nprincs = 0; @@ -122,6 +118,7 @@ unsigned int c_flags = 0, s_flags = 0; /* client/server KDB flags */ char *s4u_name = NULL; krb5_boolean is_referral; + const char *emsg = NULL; session_key.contents = NULL; @@ -129,8 +126,6 @@ if (retval) return retval; - ktypes2str(ktypestr, sizeof(ktypestr), - request->nktypes, request->ktype); /* * setup_server_realm() sets up the global realm-specific data pointer. */ @@ -139,12 +134,6 @@ return retval; } - fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; - if ((errcode = krb5_unparse_name(kdc_context, request->server, &sname))) { status = "UNPARSING SERVER"; goto cleanup; @@ -728,7 +717,7 @@ enc_tkt_reply.transited.tr_contents.data, tdots); else { - const char *emsg = krb5_get_error_message(kdc_context, errcode); + emsg = krb5_get_error_message(kdc_context, errcode); krb5_klog_syslog (LOG_ERR, "unexpected error checking transit from " "'%s' to '%s' via '%.*s%s': %s", @@ -738,6 +727,7 @@ enc_tkt_reply.transited.tr_contents.data, tdots, emsg); krb5_free_error_message(kdc_context, emsg); + emsg = NULL; } } else krb5_klog_syslog (LOG_INFO, "not checking transit path"); @@ -764,19 +754,13 @@ krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2; krb5_principal client2 = t2enc->client; if (!krb5_principal_compare(kdc_context, request->server, client2)) { - if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) - tmp = 0; - if (tmp != NULL) - limit_string(tmp); + if ((errcode = krb5_unparse_name(kdc_context, client2, &altcname))) + altcname = 0; + if (altcname != NULL) + limit_string(altcname); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ %s: 2ND_TKT_MISMATCH: " - "authtime %d, %s for %s, 2nd tkt client %s", - fromstring, authtime, - cname ? cname : "", - sname ? sname : "", - tmp ? tmp : ""); errcode = KRB5KDC_ERR_SERVER_NOMATCH; + status = "2ND_TKT_MISMATCH"; goto cleanup; } @@ -851,36 +835,16 @@ free(reply.enc_part.ciphertext.data); cleanup: - if (0) { - assert(header_enc_tkt != NULL); - audit_tgs_request(request, header_enc_tkt->client, &server, header_enc_tkt->times.authtime, errcode); + assert(status != NULL); + if (errcode) + emsg = krb5_get_error_message (kdc_context, errcode); + log_tgs_req(from, request, &reply, cname, sname, altcname, authtime, + status, errcode, emsg); + if (errcode) { + krb5_free_error_message (kdc_context, emsg); + emsg = NULL; } - if (status) { - const char * emsg = NULL; - int s4u = isflagset(c_flags, KRB5_KDB_FLAGS_S4U); - if (!errcode) - rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply); - if (errcode) - emsg = krb5_get_error_message (kdc_context, errcode); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ (%s) %s: %s: authtime %d, " - "%s%s %s %s%s%sfor %s%s%s", - ktypestr, - fromstring, status, authtime, - !errcode ? rep_etypestr : "", - !errcode ? "," : "", - cname ? cname : "", - s4u ? "[on behalf of " : "", - s4u ? (s4u_name != NULL ? s4u_name : "") : "", - s4u ? "] " : "", - sname ? sname : "", - errcode ? ", " : "", - errcode ? emsg : ""); - if (errcode) - krb5_free_error_message (kdc_context, emsg); - } - if (errcode) { int got_err = 0; if (status == 0) { @@ -892,7 +856,7 @@ errcode = KRB_ERR_GENERIC; retval = prepare_error_tgs(request, header_ticket, errcode, - fromstring, nprincs ? server.princ : NULL, + nprincs ? server.princ : NULL, response, status); if (got_err) { krb5_free_error_message (kdc_context, status); @@ -932,7 +896,7 @@ static krb5_error_code prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error, - const char *ident, krb5_principal canon_server, + krb5_principal canon_server, krb5_data **response, const char *status) { krb5_error errpkt; @@ -1024,7 +988,6 @@ } else if (*nprincs == 1) { /* Found it! */ krb5_principal tmpprinc; - char *sname; tmp = *krb5_princ_realm(kdc_context, *pl2); krb5_princ_set_realm(kdc_context, *pl2, @@ -1038,15 +1001,7 @@ krb5_free_principal(kdc_context, request->server); request->server = tmpprinc; - if (krb5_unparse_name(kdc_context, request->server, &sname)) { - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing alternate TGT"); - } else { - limit_string(sname); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing TGT %s", sname); - free(sname); - } + log_tgs_alt_tgt(request->server); krb5_free_realm_tree(kdc_context, plist); return; } Modified: branches/mskrb-integ/src/kdc/kdc_util.c =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1669,6 +1669,7 @@ more); } + krb5_error_code sign_db_authdata (krb5_context context, unsigned int flags, @@ -2210,3 +2211,124 @@ return 0; } + +/* Main logging routines for ticket requests. + + There are a few simple cases -- unparseable requests mainly -- + where messages are logged otherwise, but once a ticket request can + be decoded in some basic way, these routines are used for logging + the details. */ + +/* "status" is null to indicate success. */ +/* Someday, pass local address/port as well. */ +void +log_as_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg) +{ + const char *fromstring = 0; + char fromstringbuf[70]; + char ktypestr[128]; + const char *cname2 = cname ? cname : ""; + const char *sname2 = sname ? sname : ""; + + fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype), + from->address->contents, + fromstringbuf, sizeof(fromstringbuf)); + if (!fromstring) + fromstring = ""; + ktypes2str(ktypestr, sizeof(ktypestr), + request->nktypes, request->ktype); + + if (status == NULL) { + /* success */ + char rep_etypestr[128]; + rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); + krb5_klog_syslog(LOG_INFO, + "AS_REQ (%s) %s: ISSUE: authtime %d, %s, %s for %s", + ktypestr, fromstring, authtime, + rep_etypestr, cname2, sname2); + } else { + /* fail */ + krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s", + ktypestr, fromstring, status, + cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); + } +#if 0 + /* Sun (OpenSolaris) version would probably something like this. + The client and server names passed can be null, unlike in the + logging routines used above. Note that a struct in_addr is + used, but the real address could be an IPv6 address. */ + audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0, + cname, sname, errcode); +#endif +} + +/* Here "status" must be non-null. Error code + KRB5KDC_ERR_SERVER_NOMATCH is handled specially. */ +void +log_tgs_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, const char *altcname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg) +{ + char ktypestr[128]; + const char *fromstring = 0; + char fromstringbuf[70]; + char rep_etypestr[128]; + + fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), + from->address->contents, + fromstringbuf, sizeof(fromstringbuf)); + if (!fromstring) + fromstring = ""; + ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype); + if (!errcode) + rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); + else + rep_etypestr[0] = 0; + + /* Differences: server-nomatch message logs 2nd ticket's client + name (useful), and doesn't log ktypestr (probably not + important). */ + if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) + krb5_klog_syslog(LOG_INFO, + "TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s", + ktypestr, + fromstring, status, authtime, + rep_etypestr, + !errcode ? "," : "", + cname ? cname : "", + sname ? sname : "", + errcode ? ", " : "", + errcode ? emsg : ""); + else + krb5_klog_syslog(LOG_INFO, + "TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s", + fromstring, status, authtime, + cname ? cname : "", + sname ? sname : "", + altcname ? altcname : ""); + + /* OpenSolaris: audit_krb5kdc_tgs_req(...) or + audit_krb5kdc_tgs_req_2ndtktmm(...) */ +} + +void +log_tgs_alt_tgt(krb5_principal p) +{ + char *sname; + if (krb5_unparse_name(kdc_context, p, &sname)) { + krb5_klog_syslog(LOG_INFO, + "TGS_REQ: issuing alternate TGT"); + } else { + limit_string(sname); + krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname); + free(sname); + } + /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */ +} + Modified: branches/mskrb-integ/src/kdc/kdc_util.h =================================================================== --- branches/mskrb-integ/src/kdc/kdc_util.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kdc/kdc_util.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -277,8 +277,25 @@ validate_transit_path(krb5_context context, krb5_const_principal client, krb5_db_entry *server, - krb5_db_entry *krbtgt); + krb5_db_entry *krbtgt); + +void +log_as_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg); +void +log_tgs_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, const char *altcname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg); +void log_tgs_alt_tgt(krb5_principal p); + + + #define isflagset(flagfield, flag) (flagfield & (flag)) #define setflag(flagfield, flag) (flagfield |= (flag)) #define clear(flagfield, flag) (flagfield &= ~(flag)) Modified: branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m =================================================================== --- branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m 2009-01-03 03:00:25 UTC (rev 21678) @@ -75,8 +75,8 @@ { [[self window] center]; // We need to float over the loginwindow and SecurityAgent so use its hardcoded level. - [[self window] setLevel:NSScreenSaverWindowLevel]; - + [[self window] setLevel:NSModalPanelWindowLevel]; + visibleAsSheet = NO; lifetimeFormatter.displaySeconds = NO; Modified: branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m =================================================================== --- branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m 2009-01-03 03:00:25 UTC (rev 21678) @@ -55,7 +55,7 @@ NSString *message = nil; [[self window] center]; - [[self window] setLevel:NSScreenSaverWindowLevel]; + [[self window] setLevel:NSModalPanelWindowLevel]; longTimeFormatter.displaySeconds = NO; longTimeFormatter.displayShortFormat = NO; Modified: branches/mskrb-integ/src/krb5-config.M =================================================================== --- branches/mskrb-integ/src/krb5-config.M 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb5-config.M 2009-01-03 03:00:25 UTC (rev 21678) @@ -64,7 +64,6 @@ .in +.5i krb5 Kerberos 5 application gssapi GSSAPI application with Kerberos 5 bindings -krb4 Kerberos 4 application kadm-client Kadmin client kadm-server Kadmin server kdb Application that accesses the kerberos database Modified: branches/mskrb-integ/src/krb5-config.in =================================================================== --- branches/mskrb-integ/src/krb5-config.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb5-config.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -32,8 +32,6 @@ includedir=@includedir@ libdir=@libdir@ CC_LINK='@CC_LINK@' -KRB4_LIB=@KRB4_LIB@ -DES425_LIB=@DES425_LIB@ KDB5_DB_LIB=@KDB5_DB_LIB@ LDFLAGS='@LDFLAGS@' RPATH_FLAG='@RPATH_FLAG@' @@ -87,9 +85,6 @@ gssapi) library=gssapi ;; - krb4) - library=krb4 - ;; kadm-client) library=kadm_client ;; @@ -126,7 +121,6 @@ echo "Libraries:" echo " krb5 Kerberos 5 application" echo " gssapi GSSAPI application with Kerberos 5 bindings" - echo " krb4 Kerberos 4 application" echo " kadm-client Kadmin client" echo " kadm-server Kadmin server" echo " kdb Application that accesses the kerberos database" @@ -219,11 +213,6 @@ library=krb5 fi - if test $library = 'krb4'; then - lib_flags="$lib_flags $KRB4_LIB $DES425_LIB" - library=krb5 - fi - if test $library = 'krb5'; then lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" fi Deleted: branches/mskrb-integ/src/krb524/Makefile.in =================================================================== --- branches/mskrb-integ/src/krb524/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,175 +0,0 @@ -thisconfigdir=.. -myfulldir=krb524 -mydir=krb524 -BUILDTOP=$(REL).. -KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) -DEFS= - -# Copyright 1994 by OpenVision Technologies, Inc. -# -# Permission to use, copy, modify, distribute, and sell this software -# and its documentation for any purpose is hereby granted without fee, -# provided that the above copyright notice appears in all copies and -# that both that copyright notice and this permission notice appear in -# supporting documentation, and that the name of OpenVision not be used -# in advertising or publicity pertaining to distribution of the software -# without specific, written prior permission. OpenVision makes no -# representations about the suitability of this software for any -# purpose. It is provided "as is" without express or implied warranty. -# -# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO -# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR -# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. -# - -DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1 -PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) -PROG_RPATH=$(KRB5_LIBDIR) - -##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_INCLUDES) -##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES) -##WIN32##!endif - -##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_LIB) -##WIN32##K4LIB=$(USE_ALTERNATE_KRB4_LIB) -##WIN32##!endif - -K524EXE = $(OUTPRE)k524init.exe -K524LIB = $(OUTPRE)krb524.lib -K524DEP = $(K524LIB) -K524DEF = krb524.def -WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \ - version.lib advapi32.lib gdi32.lib - -LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir) - -# Library sources -SRCS = \ - $(srcdir)/cnv_tkt_skey.c \ - $(srcdir)/libinit.c \ - $(srcdir)/krb524.c - -EXTRADEPSRCS = \ - $(srcdir)/test.c \ - $(srcdir)/k524init.c \ - $(srcdir)/krb524d.c - -##WIN32##!ifdef KRB524_STATIC_HACK -##WIN32##LPREFIX=..\lib -##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj -##WIN32##KLIBS = $(LPREFIX)\krb5\$(OUTPRE)krb5.lib \ -##WIN32## $(LPREFIX)\crypto\$(OUTPRE)crypto.lib \ -##WIN32## $(BUILDTOP)\util\profile\$(OUTPRE)profile.lib \ -##WIN32## $(LPREFIX)\des425\$(OUTPRE)des425.lib -##WIN32##KLIB=$(KLIBS) $(DNSLIBS) $(K5_GLUE) $(CLIB) -##WIN32##STLIBOBJS=$(STLIBOBJS:libinit=globals) -##WIN32##K524DEP=$(STLIBOBJS) -##WIN32##!endif - -##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc -##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY - -##WIN32##EXERES=$(K524EXE:.exe=.res) -##WIN32##LIBRES=$(K524LIB:.lib=.res) - -##WIN32##$(EXERES): $(VERSIONRC) -##WIN32## $(RC) $(RCFLAGS) -DKRB524_INIT -fo $@ -r $** -##WIN32##$(LIBRES): $(VERSIONRC) -##WIN32## $(RC) $(RCFLAGS) -DKRB524_LIB -fo $@ -r $** - -all-unix:: krb524d krb524test k524init - -##WIN32##all-windows:: $(K524EXE) $(K524LIB) - -krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS) - -SERVER_OBJS= krb524d.o cnv_tkt_skey.o -CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT) - -krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) - -k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) - -##WIN32##$(K524LIB): $(OUTPRE)krb524.$(OBJEXT) $(OUTPRE)libinit.$(OBJEXT) $(KLIB) $(CLIB) $(LIBRES) -##WIN32## link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS) -##WIN32## $(_VC_MANIFEST_EMBED_DLL) - -##WIN32##$(K524EXE): $(OUTPRE)k524init.$(OBJEXT) $(KLIB) $(K4LIB) $(CLIB) $(EXERES) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib -##WIN32## link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS) $(SCLIB) -##WIN32## $(_VC_MANIFEST_EMBED_EXE) - -install-unix:: - $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d - $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init - $(INSTALL_DATA) $(srcdir)/krb524d.M $(DESTDIR)$(SERVER_MANDIR)/krb524d.8 - $(INSTALL_DATA) $(srcdir)/k524init.M \ - $(DESTDIR)$(CLIENT_MANDIR)/krb524init.1 - -clean-unix:: - $(RM) $(OBJS) core *~ *.bak #* - $(RM) krb524test krb524d k524init test.o $(CLIENT_OBJS) $(SERVER_OBJS) - - -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)cnv_tkt_skey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cnv_tkt_skey.c krb524d.h -$(OUTPRE)libinit.$(OBJEXT): libinit.c -$(OUTPRE)krb524.$(OBJEXT): krb524.c -$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h test.c -$(OUTPRE)k524init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h k524init.c -$(OUTPRE)krb524d.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb524d.c krb524d.h Deleted: branches/mskrb-integ/src/krb524/README =================================================================== --- branches/mskrb-integ/src/krb524/README 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/README 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,154 +0,0 @@ -Copyright 1994 by OpenVision Technologies, Inc. - -Permission to use, copy, modify, distribute, and sell this software -and its documentation for any purpose is hereby granted without fee, -provided that the above copyright notice appears in all copies and -that both that copyright notice and this permission notice appear in -supporting documentation, and that the name of OpenVision not be used -in advertising or publicity pertaining to distribution of the software -without specific, written prior permission. OpenVision makes no -representations about the suitability of this software for any -purpose. It is provided "as is" without express or implied warranty. - -OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO -EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - - -Kerberos V5 to Kerberos V4 Credentials Converting Service, ALPHA RELEASE -======================================================================== - -krb524 is a service that converts Kerberos V5 credentials into -Kerberos V4 credentials suitable for use with applications that for -whatever reason do not use V5 directly. The service consists of a -server that has access to the secret key of the Kerberos service for -which credentials will be converted, and a library for use by client -programs that wish to use the server. - -The protocol is simple. Suppose that a client C wishes to obtain V4 -credentials for a V5 service S by using the krb524 server. The -notation {C,S}_n represents a Vn service ticket for S for use by C. - -(1) C obtains V5 credentials, including a ticket {C,S}_5, for S by the -normal V5 means. - -(2) C transmits {C,S}_5 to KRB524. - -(3) KRB524 converts {C,S}_5 into {C,S}_4. - -(4) KRB524 transmits {C,S}_4 to C. - -(5) C creates a V4 credentials strucuture from the plaintext -information in the V5 credential and {C,S}_4. - -Steps (2) through (4) are encapsulated in a single function call in -the krb524 library. - -An alternate conversion is provided for AFS servers that support the -encrypted part of a krb5 ticket as an AFS token. If the krb524d is -converting a principal whose first component is afs and if the -encrypted part of the ticket fits in 344 bytes, then it will default -to simply returning the encrypted part of the ticket as a token. If -it turns out that the AFS server does not support the ticket, then -users will get an unknown key version error and the krb524d must be -configured to use v4 tickets for this AFS service. - - -Obviously, not all V5 credentials can be completely converted to V4 -credentials, since the former is a superset of the latter. The -precise semantics of the conversion function are still undecided. -UTSL. - -Programs contained in this release -====================================================================== - -krb524d [-m[aster]] [-k[eytab]] - -The krb524 server. It accepts UDP requests on the krb524 service -port, specified in /etc/services, or on port 4444 by default. (A -request for an official port assignment is underway.) The -m argument -causes krb524d to access the KDC master database directly; the -k -argument causes krb524d to use the default keytab (and therefore only -be able to convert tickets for services in the keytab). Only one of --m or -k can be specified. - -test -remote server client service - -A test program that obtains a V5 credential for {client,service}, -converts it to a V4 credential, and prints out the entire contents of -both versions. It prompts for service's secret key, which it needs to -decrypt both tickets in order to print them out. Enter it as an eight -digit ASCII hex number. - -k524init [-n] [-p principal] - -Convert a V5 credential into a V4 credential and store it in a V4 -ticket file. The client is 'principal', or krbtgt at the V5 ccache's -default principal's realm if not specified. The -n argument causes -the new ticket to be added to the existing ticket file; otherwise, the -ticket file is initialized. - -Configuring krb524d AFS Conversion -====================================================================== - -The krb524d looks in the appdefaults section of krb5.conf for an -application called afs_krb5 to determine whether afs principals -support encrypted ticket parts as tokens. The following configuration -fragment says that afs/sipb.mit.edu at ATHENA.MIT.EDU supports the new -token format but afs at ATHENA.MIT.EDU and -afs/athena.mit.edu at ATHENA.MIT.EDU do not. Note that the default is to -assume afs servers support the new format. - -[appdefaults] -afs_krb5 = { - ATHENA.MIT.EDU = { - # This stanza describes principals in the - #ATHENA.MIT.EDU realm - afs = false - afs/athena.mit.edu = false - afs/sipb.mit.edu = true - } -} - - -Using libkrb524.a -====================================================================== - -To use libkrb524.a, #include "krb524.h", link against libkrb524.a, -call krb524_init_ets() at the beginning of your program, and call one -of the following two functions: - -int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds, - struct sockaddr *saddr) - -int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds) - -Both convert the V5 credential in v5creds into a V4 credential in -v4creds. One assumes krb524d is running on the KDC, the other uses an -explicit host. You only need to specify the address for saddr; the -port is filled in automatically. - -Unresolved issues / Bugs -====================================================================== - -o krb524d requires access to the secret key of any service to be -converted. Should krb524d run on the KDC or on individual server -machines? The latter is more paranoid, since it prevents bugs in -krb524d from provided unauthorized access to the master database. -However, it also requires the client to provide the address of the -server to be used. The client will usually have this information -(since presumably it will be sending the converted V4 credentials to -the same server) but it may not be in a convenient form. It seems -"cleaner" to have krb524d run on the KDC. - -o Even if krb524d uses keytabs on server machines, it needs to be more -flexible. You only want to run one krb524d per host, so it has to be -able to scan multiple keytabs. This might get logistically messy. - -o This code is of alpha quality. Bugs, omissions, memory leaks, and -perhaps security holes still remain. Do not use it (yet) in a -production environment. Deleted: branches/mskrb-integ/src/krb524/cnv_tkt_skey.c =================================================================== --- branches/mskrb-integ/src/krb524/cnv_tkt_skey.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/cnv_tkt_skey.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,223 +0,0 @@ -/* - * Copyright 2003 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "k5-int.h" /* we need krb5_context::clockskew */ -#include -#include - -#ifdef _WIN32 -#include "port-sockets.h" -#else -#include -#include -#endif -#include -#include "krb524d.h" - -static int krb524d_debug = 0; - -static int -krb524_convert_princs(context, client, server, pname, pinst, prealm, - sname, sinst, srealm) - krb5_context context; - krb5_principal client, server; - char *pname, *pinst, *prealm, *sname, *sinst, *srealm; -{ - int ret; - - if ((ret = krb5_524_conv_principal(context, client, pname, pinst, - prealm))) - return ret; - - return krb5_524_conv_principal(context, server, sname, sinst, srealm); -} -/* - * Convert a v5 ticket for server to a v4 ticket, using service key - * skey for both. - */ -int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, - saddr) - krb5_context context; - krb5_ticket *v5tkt; - KTEXT_ST *v4tkt; - krb5_keyblock *v5_skey, *v4_skey; - struct sockaddr_in *saddr; -{ - char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - char sname[ANAME_SZ], sinst[INST_SZ], srealm[REALM_SZ]; - krb5_enc_tkt_part *v5etkt; - int ret, lifetime, v4endtime; - krb5_timestamp server_time; - struct sockaddr_in *sinp = (struct sockaddr_in *)saddr; - krb5_address kaddr; - - v5tkt->enc_part2 = NULL; - if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) { - return ret; - } - v5etkt = v5tkt->enc_part2; - - if (v5etkt->transited.tr_contents.length != 0) { - /* Some intermediate realms transited -- do we accept them? - - Simple answer: No. - - More complicated answer: Check our local config file to - see if the path is correct, and base the answer on that. - This denies the krb4 application server any ability to do - its own validation as krb5 servers can. - - Fast answer: Not right now. */ - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB5KRB_AP_ERR_ILL_CR_TKT; - } - /* We could also encounter a case where luser at R1 gets a ticket - for krbtgt/R3 at R2, and then tries to convert it. But the - converted ticket would be one the v4 KDC code should reject - anyways. So we don't need to worry about it here. */ - - if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server, - pname, pinst, prealm, sname, - sinst, srealm))) { - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return ret; - } - if ((v5etkt->session->enctype != ENCTYPE_DES_CBC_CRC && - v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 && - v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) || - v5etkt->session->length != sizeof(C_Block)) { - if (krb524d_debug) - fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n", - v5etkt->session->enctype, - v5etkt->session->length, - (int) sizeof(C_Block)); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB524_BADKEY; - } - - /* V4 has no concept of authtime or renew_till, so ignore them */ - if (v5etkt->times.starttime == 0) - v5etkt->times.starttime = v5etkt->times.authtime; - /* rather than apply fit an extended v5 lifetime into a v4 range, - give out a v4 ticket with as much of the v5 lifetime is available - "now" instead. */ - if ((ret = krb5_timeofday(context, &server_time))) { - if (krb524d_debug) - fprintf(stderr, "krb5_timeofday failed!\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return ret; - } - if ((server_time + context->clockskew >= v5etkt->times.starttime) - && (server_time - context->clockskew <= v5etkt->times.endtime)) { - lifetime = krb_time_to_life(server_time, v5etkt->times.endtime); - v4endtime = krb_life_to_time(server_time, lifetime); - /* - * Adjust start time backwards if the lifetime value - * returned by krb_time_to_life() maps to a longer lifetime - * than that of the original krb5 ticket. - */ - if (v4endtime > v5etkt->times.endtime) - server_time -= v4endtime - v5etkt->times.endtime; - } else { - if (krb524d_debug) - fprintf(stderr, "v5 ticket time out of bounds\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - if (server_time+context->clockskew < v5etkt->times.starttime) - return KRB5KRB_AP_ERR_TKT_NYV; - else if (server_time-context->clockskew > v5etkt->times.endtime) - return KRB5KRB_AP_ERR_TKT_EXPIRED; - else /* shouldn't happen, but just in case... */ - return KRB5KRB_AP_ERR_TKT_NYV; - } - - kaddr.addrtype = ADDRTYPE_INET; - kaddr.length = sizeof(sinp->sin_addr); - kaddr.contents = (krb5_octet *)&sinp->sin_addr; - - if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) { - if (krb524d_debug) - fprintf(stderr, "Invalid v5creds address information.\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB524_BADADDR; - } - - if (krb524d_debug) - printf("startime = %ld, authtime = %ld, lifetime = %ld\n", - (long) v5etkt->times.starttime, - (long) v5etkt->times.authtime, - (long) lifetime); - - /* XXX are there V5 flags we should map to V4 equivalents? */ - if (v4_skey->enctype == ENCTYPE_DES_CBC_CRC) { - ret = krb_create_ticket(v4tkt, - 0, /* flags */ - pname, - pinst, - prealm, - sinp->sin_addr.s_addr, - (char *) v5etkt->session->contents, - lifetime, - /* issue_data */ - server_time, - sname, - sinst, - v4_skey->contents); - } - else abort(); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - if (ret == KSUCCESS) - return 0; - else - return KRB524_V4ERR; -} Deleted: branches/mskrb-integ/src/krb524/k524init.M =================================================================== --- branches/mskrb-integ/src/krb524/k524init.M 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/k524init.M 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,47 +0,0 @@ -.\" krb524/k524init.M -.\" -.\" Copyright 2005 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. Furthermore if you modify this software you must label -.\" your software as modified software and not distribute it in such a -.\" fashion that it might be confused with the original M.I.T. software. -.\" M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" " -.TH KRB524INIT 1 -.SH NAME -krb524init \- Obtain Kerberos V4 tickets from Kerberos V5 tickets -.SH SYNOPSIS -\fBkrb524init\fP [\fB\-n\fP] [\fB\-p\fP \fIprincipal\fP] -.SH DESCRIPTION -.I krb524init -converts a V5 credential to a V4 credential by querying a remote krb524d -server and stores it in a V4 ticket cache. The credential is -.I principal -or "krbtgt" at the V5 ticket cache's default principal's realm if not -specified. -.SH OPTIONS -.TP -.B \-n -By default, the V4 ticket cache is initialized. If this option is given, -the converted credential is instead added to the existing ticket cache. -.TP -\fB\-p\fP \fIprincipal\fP -Convert -.I principal -rather than krbtgt. -.SH SEE ALSO -kinit(1), krb524d(8) Deleted: branches/mskrb-integ/src/krb524/k524init.c =================================================================== --- branches/mskrb-integ/src/krb524/k524init.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/k524init.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,183 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "autoconf.h" -#include "k5-int.h" /* for data_eq */ -#include -#include "com_err.h" - -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#include -#include -#include -#ifndef _WIN32 -#include -#include -#include -#endif - -#include - -extern int optind; -extern char *optarg; -char *prog = "k524init"; - -int main(argc, argv) - int argc; - char **argv; -{ - krb5_principal client, server; - krb5_ccache cc; - krb5_creds increds, *v5creds; - CREDENTIALS v4creds; - int code; - int option; - char *princ = NULL; - int nodelete = 0; - int lose = 0; - krb5_context context; - krb5_error_code retval; - - if (argv[0]) { - prog = strrchr (argv[0], '/'); - if (prog) - prog++; - else - prog = argv[0]; - } - - retval = krb5_init_context(&context); - if (retval) { - com_err(prog, retval, "while initializing krb5"); - exit(1); - } - - while(((option = getopt(argc, argv, "p:n")) != -1)) { - switch(option) { - case 'p': - princ = optarg; - break; - case 'n': - nodelete++; - break; - default: - lose++; - break; - } - } - - if (lose || (argc - optind > 1)) { - fprintf(stderr, "Usage: %s [-p principal] [-n]\n", prog); - exit(1); - } - - if ((code = krb5_cc_default(context, &cc))) { - com_err(prog, code, "opening default credentials cache"); - exit(1); - } - - if ((code = krb5_cc_get_principal(context, cc, &client))) { - com_err(prog, code, "while retrieving user principal name"); - exit(1); - } - - if (princ) { - if ((code = krb5_parse_name(context, princ, &server))) { - com_err(prog, code, "while parsing service principal name"); - exit(1); - } - } else { - if ((code = krb5_build_principal(context, &server, - krb5_princ_realm(context, client)->length, - krb5_princ_realm(context, client)->data, - "krbtgt", - krb5_princ_realm(context, client)->data, - NULL))) { - com_err(prog, code, "while creating service principal name"); - exit(1); - } - } - - if (!nodelete) { - krb5_data *crealm = krb5_princ_realm (context, client); - krb5_data *srealm = krb5_princ_realm (context, server); - if (!data_eq(*crealm, *srealm)) { - /* Since krb4 ticket files don't store the realm name - separately, and the client realm is assumed to be the - realm of the first ticket, let's not store an initial - ticket with the wrong realm name, since it'll confuse - other programs. */ - fprintf (stderr, - "%s: Client and server principals' realm names are different;\n" - "\tbecause of limitations in the krb4 ticket file implementation,\n" - "\tthis doesn't work for an initial ticket. Try `%s -n'\n" - "\tif you already have other krb4 tickets, or convert the\n" - "\tticket-granting ticket from your home realm.\n", - prog, prog); - exit (1); - } - } - - memset((char *) &increds, 0, sizeof(increds)); - increds.client = client; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((code = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) { - com_err(prog, code, "getting V5 credentials"); - exit(1); - } - - if ((code = krb5_524_convert_creds(context, v5creds, &v4creds))) { - com_err(prog, code, "converting to V4 credentials"); - exit(1); - } - - /* this is stolen from the v4 kinit */ - - if (!nodelete) { - /* initialize ticket cache */ - code = krb_in_tkt(v4creds.pname,v4creds.pinst,v4creds.realm); - if (code != KSUCCESS) { - fprintf (stderr, "%s: %s trying to create the V4 ticket file", - prog, krb_get_err_text (code)); - exit(1); - } - } - - /* stash ticket, session key, etc. for future use */ - /* This routine does *NOT* return one of the usual com_err codes. */ - if ((code = krb_save_credentials(v4creds.service, v4creds.instance, - v4creds.realm, v4creds.session, - v4creds.lifetime, v4creds.kvno, - &(v4creds.ticket_st), - v4creds.issue_date))) { - fprintf (stderr, "%s: %s trying to save the V4 ticket\n", - prog, krb_get_err_text (code)); - exit(1); - } - - exit(0); -} Deleted: branches/mskrb-integ/src/krb524/krb524.c =================================================================== --- branches/mskrb-integ/src/krb524/krb524.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/krb524.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2003 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#ifdef _WIN32 -#include "krb5.h" - -#ifdef krb524_convert_creds_kdc -#undef krb524_convert_creds_kdc -#endif -#ifdef krb524_init_ets -#undef krb524_init_ets -#endif - -int KRB5_CALLCONV_WRONG -krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) -{ - return(krb5_524_convert_creds(context,v5creds,v4creds)); -} - -void KRB5_CALLCONV_WRONG -krb524_init_ets(krb5_context context) -{ - /* no-op */ -} -#endif /* _WIN32 */ Deleted: branches/mskrb-integ/src/krb524/krb524.def =================================================================== --- branches/mskrb-integ/src/krb524/krb524.def 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/krb524.def 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,13 +0,0 @@ -;---------------------------------------------------- -; KRB524.DEF - KRB524.DLL module definition file -;---------------------------------------------------- - -; **************************************************************************** -; Do not add any function to this file until you make sure the calling -; convention for the exported function is KRB5_CALLCONV -; **************************************************************************** - - -EXPORTS - krb524_convert_creds_kdc @1 - krb524_init_ets @2 Deleted: branches/mskrb-integ/src/krb524/krb524_prot =================================================================== --- branches/mskrb-integ/src/krb524/krb524_prot 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/krb524_prot 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,11 +0,0 @@ -Protocol: - - -> ASN.1 encoded V5 ticket - <- int status_code, [int kvno, encode_v4tkt encoded KTEXT_ST] - -kvno and V4 ticket are only included if status_code is zero. - -The kvno for the converted ticket is sent explicitly because the field -is ASN.1 encoded in the krb5_creds structure; the client would have to -decode (but not decrypt) the entire krb5_ticket structure to get it, -which would be inefficient. Deleted: branches/mskrb-integ/src/krb524/krb524d.M =================================================================== --- branches/mskrb-integ/src/krb524/krb524d.M 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/krb524d.M 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,74 +0,0 @@ -.\" krb524/krb524d.M -.\" -.\" Copyright 1990 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. Furthermore if you modify this software you must label -.\" your software as modified software and not distribute it in such a -.\" fashion that it might be confused with the original M.I.T. software. -.\" M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" " -.TH KRB524D 8 -.SH NAME -krb524d \- Version 5 to Version 4 Credentials Conversion Daemon -.SH SYNOPSIS -.B krb524d -[ -.B \-m[aster] -| -.B \-k[eytab] -] [ -.B \-r -.I realm -] [ -.B \-nofork -] [ -.B \-p -.I portnum -] -.br -.SH DESCRIPTION -.I krb524d -is the Kerberos Version 5 to Version 4 Credentials Conversion daemon. -It works in conjuction with a krb5kdc to allow clients to acquire Kerberos -version 4 tickets from Kerberos version 5 tickets without specifying a password. -.SH OPTIONS -.TP -\fB\-m[aster]\fP -Use the KDC database to convert credentials. This option cannot be combined with -\fB\-k[eytab]\fP. -.TP -\fB\-k[eytab]\fP -Use the default keytab to convert credentials. This option cannot be combined with -\fB\-m[aster]\fP. -.TP -\fB\-r\fP \fIrealm\fP -Convert credentials for \fIrealm\fP; by default the realm returned by -.IR krb5_default_local_realm (3) -is used. -.TP -\fB\-nofork\fP -specifies that krb524d not fork on launch. Useful for debugging purposes. -.TP -\fB\-p\fP \fIportnum\fP -specifies the default UDP port number which krb524d should listen on for -Kerberos 524 requests. This value is used when no port is specified in -the KDC profile and when no port is specified in the Kerberos configuration -file. -If no value is available, then the value in /etc/services for service -"krb524" is used. -.SH SEE ALSO -kerberos(1), krb5kdc(8), kdb5_util(8), kdc.conf(5) Deleted: branches/mskrb-integ/src/krb524/krb524d.c =================================================================== --- branches/mskrb-integ/src/krb524/krb524d.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/krb524d.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,637 +0,0 @@ -/* - * Copyright (C) 2002, 2007, 2008 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include - -#include -#include -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#include -#include -#include -#include -#include -#include - -#include -#include "krb524d.h" - -#if defined(NEED_DAEMON_PROTO) -extern int daemon(int, int); -#endif - -#define TIMEOUT 60 -#define TKT_BUFSIZ 2048 -#define MSGSIZE 8192 - -char *whoami; -int signalled = 0; -static int debug = 0; -void *handle = NULL; - -int use_keytab, use_master; -int allow_v4_crossrealm = 0; -char *keytab = NULL; -krb5_keytab kt; - -void init_keytab(krb5_context), - init_master(krb5_context, kadm5_config_params *), - cleanup_and_exit(int, krb5_context); -krb5_error_code do_connection(int, krb5_context); -krb5_error_code lookup_service_key(krb5_context, krb5_principal, - krb5_enctype, krb5_kvno, - krb5_keyblock *, krb5_kvno *); -krb5_error_code kdc_get_server_key(krb5_context, krb5_principal, - krb5_keyblock *, krb5_kvno *, - krb5_enctype, krb5_kvno); - -static krb5_error_code -handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt, - struct sockaddr_in *saddr, - krb5_data *tktdata, krb5_kvno *v4kvno); -static krb5_error_code -afs_return_v4(krb5_context, const krb5_principal , int *use_v5); - -static void usage(context) - krb5_context context; -{ - fprintf(stderr, "Usage: %s [-k[eytab]] [-m[aster] [-r realm]] [-nofork] [-p portnum]\n", whoami); - cleanup_and_exit(1, context); -} - -static RETSIGTYPE request_exit(signo) - int signo; -{ - signalled = 1; -} - -int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0; - -int main(argc, argv) - int argc; - char **argv; -{ - struct servent *serv; - struct sockaddr_in saddr; - struct timeval timeout; - int ret, s, nofork; - fd_set rfds; - krb5_context context; - krb5_error_code retval; - kadm5_config_params config_params; - unsigned long port = 0; - - whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]); - - retval = krb5int_init_context_kdc(&context); - if (retval) { - com_err(whoami, retval, "while initializing krb5"); - exit(1); - } - - { - krb5int_access k5int; - retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION); - if (retval != 0) { - com_err(whoami, retval, - "while accessing krb5 library internal support"); - exit(1); - } - encode_v4tkt = k5int.krb524_encode_v4tkt; - if (encode_v4tkt == NULL) { - com_err(whoami, 0, - "krb4 support disabled in krb5 support library"); - exit(1); - } - } - - argv++; argc--; - use_master = use_keytab = nofork = 0; - config_params.mask = 0; - - while (argc) { - if (strncmp(*argv, "-X", 2) == 0) { - allow_v4_crossrealm = 1; - } - else if (strncmp(*argv, "-k", 2) == 0) - use_keytab = 1; - else if (strncmp(*argv, "-m", 2) == 0) - use_master = 1; - else if (strcmp(*argv, "-nofork") == 0) - nofork = 1; - else if (strcmp(*argv, "-r") == 0) { - argv++; argc--; - if (argc == 0 || !use_master) - usage(context); - config_params.mask |= KADM5_CONFIG_REALM; - config_params.realm = *argv; - } - else if (strcmp(*argv, "-p") == 0) { - char *endptr = 0; - argv++; argc--; - if (argc == 0) - usage (context); - if (port != 0) { - com_err (whoami, 0, - "port number may only be specified once"); - exit (1); - } - port = strtoul (*argv, &endptr, 0); - if (*endptr != '\0' || port > 65535 || port == 0) { - com_err (whoami, 0, - "invalid port number %s, must be 1..65535\n", - *argv); - exit (1); - } - } - else - break; - argv++; argc--; - } - if (argc || use_keytab + use_master > 1 || - use_keytab + use_master == 0) { - use_keytab = use_master = 0; - usage(context); - } - - signal(SIGINT, request_exit); - signal(SIGHUP, SIG_IGN); - signal(SIGTERM, request_exit); - - krb5_klog_init(context, "krb524d", whoami, !nofork); - - if (use_keytab) - init_keytab(context); - if (use_master) - init_master(context, &config_params); - - memset((char *) &saddr, 0, sizeof(struct sockaddr_in)); - saddr.sin_family = AF_INET; - saddr.sin_addr.s_addr = INADDR_ANY; - if (port == 0) { - serv = getservbyname(KRB524_SERVICE, "udp"); - if (serv == NULL) { - com_err(whoami, 0, "service entry `%s' not found, using %d", - KRB524_SERVICE, KRB524_PORT); - saddr.sin_port = htons(KRB524_PORT); - } else - saddr.sin_port = serv->s_port; - } else - saddr.sin_port = htons(port); - - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - com_err(whoami, errno, "creating main socket"); - cleanup_and_exit(1, context); - } - set_cloexec_fd(s); - if ((ret = bind(s, (struct sockaddr *) &saddr, - sizeof(struct sockaddr_in))) < 0) { - com_err(whoami, errno, "binding main socket"); - cleanup_and_exit(1, context); - } - if (!nofork && daemon(0, 0)) { - com_err(whoami, errno, "while detaching from tty"); - cleanup_and_exit(1, context); - } - - while (1) { - FD_ZERO(&rfds); - FD_SET(s, &rfds); - timeout.tv_sec = TIMEOUT; - timeout.tv_usec = 0; - - ret = select(s+1, &rfds, NULL, NULL, &timeout); - if (signalled) - cleanup_and_exit(0, context); - else if (ret == 0) { - if (use_master) { - ret = kadm5_flush(handle); - if (ret && ret != KRB5_KDB_DBNOTINITED) { - com_err(whoami, ret, "closing kerberos database"); - cleanup_and_exit(1, context); - } - } - } else if (ret < 0 && errno != EINTR) { - com_err(whoami, errno, "in select"); - cleanup_and_exit(1, context); - } else if (FD_ISSET(s, &rfds)) { - if (debug) - printf("received packet\n"); - if ((ret = do_connection(s, context))) { - com_err(whoami, ret, "handling packet"); - } - } else - com_err(whoami, 0, "impossible situation occurred!"); - } - - cleanup_and_exit(0, context); -} - -void cleanup_and_exit(ret, context) - int ret; - krb5_context context; -{ - if (use_master && handle) { - (void) kadm5_destroy(handle); - } - if (use_keytab && kt) krb5_kt_close(context, kt); - krb5_klog_close(context); - krb5_free_context(context); - exit(ret); -} - -void init_keytab(context) - krb5_context context; -{ - int ret; - use_keytab = 0; - if (keytab == NULL) { - if ((ret = krb5_kt_default(context, &kt))) { - com_err(whoami, ret, "while opening default keytab"); - cleanup_and_exit(1, context); - } - } else { - if ((ret = krb5_kt_resolve(context, keytab, &kt))) { - com_err(whoami, ret, "while resolving keytab %s", - keytab); - cleanup_and_exit(1, context); - } - } - use_keytab = 1; /* now safe to close keytab */ -} - -void init_master(context, params) - krb5_context context; - kadm5_config_params *params; -{ - int ret; - - use_master = 0; - if ((ret = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, - &handle))) { - com_err(whoami, ret, "initializing kadm5 library"); - cleanup_and_exit(1, context); - } - use_master = 1; /* now safe to close kadm5 */ -} - -krb5_error_code do_connection(s, context) - int s; - krb5_context context; -{ - struct sockaddr saddr; - krb5_ticket *v5tkt = 0; - krb5_data msgdata, tktdata; - char msgbuf[MSGSIZE], tktbuf[TKT_BUFSIZ], *p; - int ret; - socklen_t saddrlen; - krb5_int32 n; /* Must be 4 bytes */ - krb5_kvno v4kvno; - - msgdata.data = msgbuf; - msgdata.length = MSGSIZE; - tktdata.data = tktbuf; - tktdata.length = TKT_BUFSIZ; - saddrlen = sizeof(struct sockaddr); - ret = recvfrom(s, msgdata.data, (int) msgdata.length, 0, &saddr, &saddrlen); - if (ret < 0) { - /* if recvfrom fails, we probably don't have a valid saddr to - use for the reply, so don't even try to respond. */ - return errno; - } - if (debug) - printf("message received\n"); - - if ((ret = decode_krb5_ticket(&msgdata, &v5tkt))) { - switch (ret) { - case KRB5KDC_ERR_BAD_PVNO: - case ASN1_MISPLACED_FIELD: - case ASN1_MISSING_FIELD: - case ASN1_BAD_ID: - case KRB5_BADMSGTYPE: - /* don't even answer parse errors */ - return ret; - break; - default: - /* try and recognize our own error packet */ - if (msgdata.length == sizeof(krb5_int32)) - return KRB5_BADMSGTYPE; - else - goto error; - } - } - if (debug) - printf("V5 ticket decoded\n"); - - if (krb5_princ_size(context, v5tkt->server) >= 1 - && krb5_princ_component(context, v5tkt->server, 0)->length == 3 - && strncmp(krb5_princ_component(context, v5tkt->server, 0)->data, - "afs", 3) == 0) { - krb5_data *enc_part; - int use_v5; - if ((ret = afs_return_v4(context, v5tkt->server, - &use_v5)) != 0) - goto error; - if ((ret = encode_krb5_enc_data(&v5tkt->enc_part, &enc_part)) != 0) - goto error; - if (!(use_v5)|| enc_part->length >= 344) { - krb5_free_data(context, enc_part); - if ((ret = handle_classic_v4(context, v5tkt, - (struct sockaddr_in *) &saddr, &tktdata, - &v4kvno)) != 0) - goto error; - } else { - KTEXT_ST fake_v4tkt; - memset(&fake_v4tkt, 0x11, sizeof(fake_v4tkt)); - fake_v4tkt.mbz = 0; - fake_v4tkt.length = enc_part->length; - memcpy(fake_v4tkt.dat, enc_part->data, enc_part->length); - v4kvno = (0x100-0x2b); /*protocol constant indicating v5 - * enc part only*/ - krb5_free_data(context, enc_part); - ret = encode_v4tkt(&fake_v4tkt, tktdata.data, &tktdata.length); - } - } else { - if ((ret = handle_classic_v4(context, v5tkt, - (struct sockaddr_in *) &saddr, &tktdata, - &v4kvno)) != 0) - goto error; - } - -error: - /* create the reply */ - p = msgdata.data; - msgdata.length = 0; - - n = htonl(ret); - memcpy(p, (char *) &n, sizeof(krb5_int32)); - p += sizeof(krb5_int32); - msgdata.length += sizeof(krb5_int32); - - if (ret) - goto write_msg; - - n = htonl(v4kvno); - memcpy(p, (char *) &n, sizeof(krb5_int32)); - p += sizeof(krb5_int32); - msgdata.length += sizeof(krb5_int32); - - memcpy(p, tktdata.data, tktdata.length); - p += tktdata.length; - msgdata.length += tktdata.length; - -write_msg: - if (ret) - (void) sendto(s, msgdata.data, (int) msgdata.length, 0, &saddr, saddrlen); - else - if (sendto(s, msgdata.data, msgdata.length, 0, &saddr, saddrlen)<0) - ret = errno; - if (debug) - printf("reply written\n"); - if (v5tkt) - krb5_free_ticket(context, v5tkt); - - - return ret; -} - -krb5_error_code lookup_service_key(context, p, ktype, kvno, key, kvnop) - krb5_context context; - krb5_principal p; - krb5_enctype ktype; - krb5_kvno kvno; - krb5_keyblock *key; - krb5_kvno *kvnop; -{ - int ret; - krb5_keytab_entry entry; - - if (use_keytab) { - if ((ret = krb5_kt_get_entry(context, kt, p, kvno, ktype, &entry))) - return ret; - *key = entry.key; - key->contents = malloc(key->length); - if (key->contents) - memcpy(key->contents, entry.key.contents, key->length); - else if (key->length) { - /* out of memory? */ - ret = ENOMEM; - memset (key, 0, sizeof (*key)); - return ret; - } - - krb5_kt_free_entry(context, &entry); - return 0; - } else if (use_master) { - return kdc_get_server_key(context, p, key, kvnop, ktype, kvno); - } - return 0; -} - -krb5_error_code kdc_get_server_key(context, service, key, kvnop, ktype, kvno) - krb5_context context; - krb5_principal service; - krb5_keyblock *key; - krb5_kvno *kvnop; - krb5_enctype ktype; - krb5_kvno kvno; -{ - krb5_error_code ret; - kadm5_principal_ent_rec server; - - if ((ret = kadm5_get_principal(handle, service, &server, - KADM5_KEY_DATA|KADM5_ATTRIBUTES))) - return ret; - - if (server.attributes & KRB5_KDB_DISALLOW_ALL_TIX - || server.attributes & KRB5_KDB_DISALLOW_SVR) { - kadm5_free_principal_ent(handle, &server); - return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; - } - - /* - * We try kadm5_decrypt_key twice because in the case of a - * ENCTYPE_DES_CBC_CRC key, we prefer to find a krb4 salt type - * over a normal key. Note this may create a problem if the - * server key is passworded and has both a normal and v4 salt. - * There is no good solution to this. - */ - if ((ret = kadm5_decrypt_key(handle, - &server, - ktype, - (ktype == ENCTYPE_DES_CBC_CRC) ? - KRB5_KDB_SALTTYPE_V4 : -1, - kvno, - key, NULL, kvnop)) && - (ret = kadm5_decrypt_key(handle, - &server, - ktype, - -1, - kvno, - key, NULL, kvnop))) { - kadm5_free_principal_ent(handle, &server); - return (KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); - } - - kadm5_free_principal_ent(handle, &server); - return ret; -} - -/* - * We support two kinds of v4 credentials. There are real v4 - * credentials, and a Kerberos v5 enc part masquerading as a krb4 - * credential to be used by modern AFS implementations; this function - * handles the classic v4 case. - */ - -static krb5_error_code -handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt, - struct sockaddr_in *saddr, - krb5_data *tktdata, krb5_kvno *v4kvno) -{ - krb5_error_code ret; - krb5_keyblock v5_service_key, v4_service_key; - KTEXT_ST v4tkt; - - v5_service_key.contents = NULL; - v4_service_key.contents = NULL; - - if ((ret = lookup_service_key(context, v5tkt->server, - v5tkt->enc_part.enctype, - v5tkt->enc_part.kvno, - &v5_service_key, NULL))) - goto error; - - if ((ret = lookup_service_key(context, v5tkt->server, - ENCTYPE_DES_CBC_CRC, - 0, - &v4_service_key, v4kvno))) - goto error; - - if (debug) - printf("service key retrieved\n"); - if ((ret = krb5_decrypt_tkt_part(context, &v5_service_key, v5tkt))) { - goto error; - } - - if (!(allow_v4_crossrealm || krb5_realm_compare(context, v5tkt->server, - v5tkt->enc_part2->client))) { - ret = KRB5KDC_ERR_POLICY; - goto error; - } - krb5_free_enc_tkt_part(context, v5tkt->enc_part2); - v5tkt->enc_part2= NULL; - - memset(&v4tkt, 0x33, sizeof(v4tkt)); - ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key, - &v4_service_key, - (struct sockaddr_in *)saddr); - if (ret) - goto error; - - if (debug) - printf("credentials converted\n"); - - ret = encode_v4tkt(&v4tkt, tktdata->data, &tktdata->length); - if (ret) - goto error; - if (debug) - printf("v4 credentials encoded\n"); - -error: - if (v5tkt->enc_part2) { - krb5_free_enc_tkt_part(context, v5tkt->enc_part2); - v5tkt->enc_part2 = NULL; - } - - if (v5_service_key.contents) - krb5_free_keyblock_contents(context, &v5_service_key); - if (v4_service_key.contents) - krb5_free_keyblock_contents(context, &v4_service_key); - return ret; -} - -/* - * afs_return_v4: a predicate to determine whether we want to try - * using the afs krb5 encrypted part encoding or whether we just - * return krb4. Takes a principal, and checks the configuration file. - */ -static krb5_error_code -afs_return_v4 (krb5_context context, const krb5_principal princ, - int *use_v5) -{ - krb5_error_code ret; - char *unparsed_name; - char *cp; - krb5_data realm; - assert(use_v5 != NULL); - ret = krb5_unparse_name(context, princ, &unparsed_name); - if (ret != 0) - return ret; -/* Trim out trailing realm component into separate string.*/ - for (cp = unparsed_name; *cp != '\0'; cp++) { - if (*cp == '\\') { - cp++; /* We trust unparse_name not to leave a singleton - * backslash*/ - continue; - } - if (*cp == '@') { - *cp = '\0'; - realm.data = cp+1; - realm.length = strlen((char *) realm.data); - break; - } - } - krb5_appdefault_boolean(context, "afs_krb5", - &realm, unparsed_name, 1, - use_v5); - krb5_free_unparsed_name(context, unparsed_name); - return ret; -} Deleted: branches/mskrb-integ/src/krb524/krb524d.h =================================================================== --- branches/mskrb-integ/src/krb524/krb524d.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/krb524d.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,48 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef KRB524INT_H -#define KRB524INT_H - -#include "port-sockets.h" -#include "kerberosIV/krb.h" - -#ifndef KRB524INT_BEGIN_DECLS -#ifdef __cplusplus -#define KRB524INT_BEGIN_DECLS extern "C" { -#define KRB524INT_END_DECLS } -#else -#define KRB524INT_BEGIN_DECLS -#define KRB524INT_END_DECLS -#endif -#endif - -KRB524INT_BEGIN_DECLS - -int krb524_convert_tkt_skey - (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, - krb5_keyblock *v5_skey, krb5_keyblock *v4_skey, - struct sockaddr_in *saddr); - -KRB524INT_END_DECLS - -#endif /* KRB524INT_H */ Deleted: branches/mskrb-integ/src/krb524/libinit.c =================================================================== --- branches/mskrb-integ/src/krb524/libinit.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/libinit.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,27 +0,0 @@ -#ifdef _WIN32 -#include - -BOOL -WINAPI -DllMain( - HANDLE hModule, - DWORD fdwReason, - LPVOID lpReserved - ) -{ - switch (fdwReason) - { - case DLL_PROCESS_ATTACH: - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - break; - case DLL_PROCESS_DETACH: - break; - default: - return FALSE; - } - return TRUE; -} -#endif Deleted: branches/mskrb-integ/src/krb524/test.c =================================================================== --- branches/mskrb-integ/src/krb524/test.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/krb524/test.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,353 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "k5-int.h" - -#include -#include -#include - -#ifndef _WIN32 -#include -#endif - -#include -#include -#include "com_err.h" - -#define KEYSIZE 8 -#define CRED_BUFSIZ 2048 - -#define krb5_print_addrs - -void do_local (krb5_creds *, krb5_keyblock *), - do_remote (krb5_context, krb5_creds *, char *, krb5_keyblock *); - -static -void print_key(msg, key) - char *msg; - des_cblock *key; -{ - printf("%s: ", msg); - C_Block_print(key); - printf("\n"); -} - -static -void print_time(msg, t) - char *msg; - int t; -{ - printf("%s: %d, %s", msg, t, ctime((time_t *) &t)); -} - -static -void krb5_print_times(msg, t) - char *msg; - krb5_ticket_times *t; -{ - printf("%s: Start: %d, %s", msg, t->starttime, - ctime((time_t *) &t->starttime)); - printf("%s: End: %d, %s", msg, t->endtime, - ctime((time_t *) &t->endtime)); - printf("%s: Auth: %d, %s", msg, t->authtime, - ctime((time_t *) &t->authtime)); - printf("%s: Renew: %d, %s", msg, t->renew_till, - ctime((time_t *) &t->renew_till)); -} - -static -void krb5_print_keyblock(msg, key) - char *msg; - krb5_keyblock *key; -{ - printf("%s: Keytype: %d\n", msg, key->enctype); - printf("%s: Length: %d\n", msg, key->length); - printf("%s: Key: ", msg); - C_Block_print((des_cblock *) key->contents); - printf("\n"); -} - -static -void krb5_print_ticket(context, ticket_data, key) - krb5_context context; - krb5_data *ticket_data; - krb5_keyblock *key; -{ - char *p; - krb5_ticket *tkt; - int ret; - - if ((ret = decode_krb5_ticket(ticket_data, &tkt))) { - com_err("test", ret, "decoding ticket"); - exit(1); - } - if ((ret = krb5_decrypt_tkt_part(context, key, tkt))) { - com_err("test", ret, "decrypting V5 ticket for print"); - exit(1); - } - - krb5_unparse_name(context, tkt->server, &p); - printf("Ticket: Server: %s\n", p); - free(p); - printf("Ticket: kvno: %d\n", tkt->enc_part.kvno); - printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags); - krb5_print_keyblock("Ticket: Session Keyblock", - tkt->enc_part2->session); - krb5_unparse_name(context, tkt->enc_part2->client, &p); - printf("Ticket: Client: %s\n", p); - free(p); - krb5_print_times("Ticket: Times", &tkt->enc_part2->times); - printf("Ticket: Address 0: %08lx\n", - *((unsigned long *) tkt->enc_part2->caddrs[0]->contents)); - - krb5_free_ticket(context, tkt); -} - -static -void krb5_print_creds(context, creds, secret_key) - krb5_context context; - krb5_creds *creds; - krb5_keyblock *secret_key; -{ - char *p; - - krb5_unparse_name(context, creds->client, &p); - printf("Client: %s\n", p); - free(p); - krb5_unparse_name(context, creds->server, &p); - printf("Server: %s\n", p); - free(p); - krb5_print_keyblock("Session key", &creds->keyblock); - krb5_print_times("Times", &creds->times); - printf("is_skey: %s\n", creds->is_skey ? "True" : "False"); - printf("Flags: 0x%08x\n", creds->ticket_flags); -#if 0 - krb5_print_addrs(creds->addresses); -#endif - krb5_print_ticket(context, &creds->ticket, secret_key); - /* krb5_print_ticket(context, &creds->second_ticket, secret_key); */ -} - -static -void krb4_print_ticket(ticket, secret_key) - KTEXT ticket; - krb5_keyblock *secret_key; -{ - char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - char sname[ANAME_SZ], sinst[INST_SZ]; - unsigned char flags; - krb5_ui_4 addr; - krb5_ui_4 issue_time; - C_Block session_key; - int life; - Key_schedule keysched; - - int ret; - - if (des_key_sched(secret_key->contents, keysched)) { - fprintf(stderr, "Bug in DES key somewhere.\n"); - exit(1); - } - - ret = decomp_ticket(ticket, &flags, pname, pinst, prealm, &addr, - session_key, &life, &issue_time, sname, - sinst, secret_key->contents, keysched); - if (ret != KSUCCESS) { - fprintf(stderr, "krb4 decomp_ticket failed\n"); - exit(1); - } - printf("Ticket: Client: %s.%s@%s\n", pname, pinst, prealm); - printf("Ticket: Service: %s.%s\n", sname, sinst); - printf("Ticket: Address: %08lx\n", (long) addr); - print_key("Ticket: Session Key", (char *) session_key); - printf("Ticket: Lifetime: %d\n", life); - printf("Ticket: Issue Date: %ld, %s", (long) issue_time, - ctime((time_t *) &issue_time)); -} - -static -void krb4_print_creds(creds, secret_key) - CREDENTIALS *creds; - krb5_keyblock *secret_key; -{ - printf("Client: %s.%s@%s\n", creds->pname, creds->pinst, - creds->realm); - printf("Service: %s.%s@%s\n", creds->service, creds->instance, - creds->realm); - print_key("Session key", (char *) creds->session); - printf("Lifetime: %d\n", creds->lifetime); - printf("Key Version: %d\n", creds->kvno); - print_time("Issue Date", creds->issue_date); - krb4_print_ticket(&creds->ticket_st, secret_key); -} - -static -void usage() -{ - fprintf(stderr, "Usage: test [-remote server] client service\n"); - exit(1); -} - -int main(argc, argv) - int argc; - char **argv; -{ - krb5_principal client, server; - krb5_ccache cc; - krb5_creds increds, *v5creds; - krb5_keyblock key; - char keybuf[KEYSIZE], buf[BUFSIZ]; - int i, ret, local; - char *remote; - krb5_context context; - krb5_error_code retval; - -#if 0 - krb524_debug = 1; -#endif - - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } - - local = 0; - remote = NULL; - argc--; argv++; - while (argc) { - if (strcmp(*argv, "-local") == 0) - local++; -#if 0 - else if (strcmp(*argv, "-remote") == 0) { - argc--; argv++; - if (!argc) - usage(); - remote = *argv; - } -#endif - else - break; - argc--; argv++; - } - if (argc != 2) - usage(); - - if ((ret = krb5_parse_name(context, argv[0], &client))) { - com_err("test", ret, "parsing client name"); - exit(1); - } - if ((ret = krb5_parse_name(context, argv[1], &server))) { - com_err("test", ret, "parsing server name"); - exit(1); - } - if ((ret = krb5_cc_default(context, &cc))) { - com_err("test", ret, "opening default credentials cache"); - exit(1); - } - - memset((char *) &increds, 0, sizeof(increds)); - increds.client = client; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_MD5; - if ((ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) { - com_err("test", ret, "getting V5 credentials"); - exit(1); - } - - /* We need the service key in order to locally decrypt both */ - /* tickets for testing */ - printf("Service's key: "); - fflush(stdout); - fgets(buf, BUFSIZ, stdin); - for (i = 0; i < 8; i++) { - unsigned char c; - c = buf[2*i]; - if (c >= '0' && c <= '9') - c -= '0'; - else if (c >= 'a' && c <= 'z') - c = c - 'a' + 0xa; - keybuf[i] = c << 4; - c = buf[2*i+1]; - if (c >= '0' && c <= '9') - c -= '0'; - else if (c >= 'a' && c <= 'z') - c = c - 'a' + 0xa; - keybuf[i] += c; - } - - key.enctype = ENCTYPE_DES_CBC_MD5; - key.length = KEYSIZE; /* presumably */ - key.contents = (krb5_octet *) keybuf; - - do_remote(context, v5creds, remote, &key); - exit(0); -} - -void do_remote(context, v5creds, server, key) - krb5_context context; - krb5_creds *v5creds; - char *server; - krb5_keyblock *key; -{ -#if 0 - struct sockaddr_in saddr; - struct hostent *hp; -#endif - CREDENTIALS v4creds; - int ret; - - printf("\nV5 credentials:\n"); - krb5_print_creds(context, v5creds, key); - -#if 0 - if (strcmp(server, "kdc") != 0) { - hp = gethostbyname(server); - if (hp == NULL) { - fprintf(stderr, "test: host %s does not exist.\n", server); - exit(1); - } - memset((char *) &saddr, 0, sizeof(struct sockaddr_in)); - saddr.sin_family = AF_INET; - memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr, - sizeof(struct in_addr)); - - if ((ret = krb524_convert_creds_addr(context, v5creds, &v4creds, - (struct sockaddr *) &saddr))) { - com_err("test", ret, "converting credentials on %s", - server); - exit(1); - } - } else -#endif - { - if ((ret = krb524_convert_creds_kdc(context, v5creds, &v4creds))) { - com_err("test", ret, "converting credentials via kdc"); - exit(1); - } - } - - printf("\nV4 credentials:\n"); - krb4_print_creds(&v4creds, key); -} Modified: branches/mskrb-integ/src/lib/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,15 +1,14 @@ thisconfigdir=./.. myfulldir=lib mydir=lib -SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils +SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils BUILDTOP=$(REL).. all-unix:: -CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libdes425.a \ - libkrb425.a libkadm.a libkrb4.a libcom_err.a libpty.a \ - libss.a libgssapi.a libapputils.a \ - libkrb5.so libcrypto.so libkrb4.so libdes425.so +CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libkadm.a \ + libcom_err.a libpty.a ibss.a libgssapi.a libapputils.a libkrb5.so \ + libcrypto.so clean-unix:: Modified: branches/mskrb-integ/src/lib/crypto/des/des_int.h =================================================================== --- branches/mskrb-integ/src/lib/crypto/des/des_int.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/crypto/des/des_int.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -64,10 +64,57 @@ #ifndef KRB5_MIT_DES__ #define KRB5_MIT_DES__ -#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */ -#include "kerberosIV/des.h" /* for des_key_schedule, etc. */ -#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */ +#if defined(__MACH__) && defined(__APPLE__) +#include +#include +#if TARGET_RT_MAC_CFM +#error "Use KfM 4.0 SDK headers for CFM compilation." +#endif +#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) +#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 +#endif +#endif /* defined(__MACH__) && defined(__APPLE__) */ +/* Macro to add deprecated attribute to DES types and functions */ +/* Currently only defined on Mac OS X 10.5 and later. */ +#ifndef KRB5INT_DES_DEPRECATED +#define KRB5INT_DES_DEPRECATED +#endif + +#include + +#if UINT_MAX >= 0xFFFFFFFFUL +#define DES_INT32 int +#define DES_UINT32 unsigned int +#else +#define DES_INT32 long +#define DES_UINT32 unsigned long +#endif + +typedef unsigned char des_cblock[8] /* crypto-block size */ +KRB5INT_DES_DEPRECATED; + +/* + * Key schedule. + * + * This used to be + * + * typedef struct des_ks_struct { + * union { DES_INT32 pad; des_cblock _;} __; + * } des_key_schedule[16]; + * + * but it would cause trouble if DES_INT32 were ever more than 4 + * bytes. The reason is that all the encryption functions cast it to + * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If + * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the + * caller-allocated des_key_schedule will be overflowed by the key + * scheduling functions. We can't assume that every platform will + * have an exact 32-bit int, and nothing should be looking inside a + * des_key_schedule anyway. + */ +typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] +KRB5INT_DES_DEPRECATED; + typedef des_cblock mit_des_cblock; typedef des_key_schedule mit_des_key_schedule; Modified: branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -75,11 +75,10 @@ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ - descbc.c keyhash_provider.h + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../des/des_int.h descbc.c keyhash_provider.h k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -87,11 +86,10 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../des/des_int.h $(srcdir)/../md4/rsa-md4.h \ - k5_md4des.c keyhash_provider.h + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ + $(srcdir)/../md4/rsa-md4.h k5_md4des.c keyhash_provider.h k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -99,11 +97,10 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../des/des_int.h $(srcdir)/../md5/rsa-md5.h \ - k5_md5des.c keyhash_provider.h + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ + $(srcdir)/../md5/rsa-md5.h k5_md5des.c keyhash_provider.h hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ Modified: branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c =================================================================== --- branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,9 +1,7 @@ /* * lib/crypto/keyhash_provider/hmac_md5.c * -(I don't know) -. - * Copyright2001 by the Massachusetts Institute of Technology. + * Copyright 2001 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -26,8 +24,8 @@ * or implied warranty. * * -* Implementation of the Microsoft hmac-md5 checksum type. -* Implemented based on draft-brezak-win2k-krb-rc4-hmac-03 + * Implementation of the Microsoft hmac-md5 checksum type. + * Implemented based on draft-brezak-win2k-krb-rc4-hmac-03 */ #include "k5-int.h" Modified: branches/mskrb-integ/src/lib/crypto/old/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/crypto/old/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/crypto/old/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -45,10 +45,10 @@ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../des/des_int.h des_stringtokey.c old.h + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ + des_stringtokey.c old.h old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ Deleted: branches/mskrb-integ/src/lib/des425/ISSUES =================================================================== --- branches/mskrb-integ/src/lib/des425/ISSUES 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/ISSUES 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,28 +0,0 @@ --*- text -*- - -* unix_time.c also exists in ../krb4, and they're different; both - should probably call into the krb5 support anyways to avoid - duplicating code. - -* namespace intrusions - -* Check include/kerberosIV/des.h and see if all the prototyped - functions really are necessary to retain; if not, delete some of - these source files. - -* Much of this code requires that DES_INT32 be *exactly* 32 bits, and - 4 bytes. - -* Array types are used in function call signatures, which is unclean. - It makes trying to add "const" qualifications in the right places - really, um, interesting. But we're probably stuck with them. - -* quad_cksum is totally broken. I have no idea whether the author - actually believed it implemented the documented algorithm, but I'm - certain it doesn't. The only question is, is it still reasonably - secure, when the plaintext and checksum are visible to an attacker - as in the mk_safe message? - -* des_read_password and des_read_pw_string are not thread-safe. Also, - they should be calling into the k5crypto library instead of - duplicating functionality. Deleted: branches/mskrb-integ/src/lib/des425/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/des425/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,273 +0,0 @@ -thisconfigdir=../.. -myfulldir=lib/des425 -mydir=lib/des425 -BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../crypto/des -I$(srcdir)/../../include/kerberosIV -DEFS= - -##DOS##BUILDTOP = ..\.. -##DOS##LIBNAME=$(OUTPRE)des425.lib -##DOS##OBJFILE=$(OUTPRE)des425.lst -##DOS##OBJFILEDEP=$(OUTPRE)des425.lst -##DOS##OBJFILELIST=@$(OUTPRE)des425.lst - -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -RUN_SETUP=@KRB5_RUN_ENV@ - -LIBBASE=des425 -LIBMAJOR=3 -LIBMINOR=0 -RELDIR=des425 -# Depends on libk5crypto and libkrb5 -SHLIB_EXPDEPS = \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) -SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto -SHLIB_DIRS=-L$(TOPLIBD) -SHLIB_RDIRS=$(KRB5_LIBDIR) - -STOBJLISTS=OBJS.ST -STLIBOBJS=cksum.o \ - des.o \ - enc_dec.o \ - key_parity.o \ - key_sched.o \ - new_rnd_key.o \ - pcbc_encrypt.o \ - quad_cksum.o \ - random_key.o \ - read_passwd.o \ - str_to_key.o \ - unix_time.o \ - util.o \ - weak_key.o - - -OBJS= $(OUTPRE)cksum.$(OBJEXT) \ - $(OUTPRE)des.$(OBJEXT) \ - $(OUTPRE)enc_dec.$(OBJEXT) \ - $(OUTPRE)key_parity.$(OBJEXT) \ - $(OUTPRE)key_sched.$(OBJEXT) \ - $(OUTPRE)new_rnd_key.$(OBJEXT) \ - $(OUTPRE)pcbc_encrypt.$(OBJEXT) \ - $(OUTPRE)quad_cksum.$(OBJEXT) \ - $(OUTPRE)random_key.$(OBJEXT) \ - $(OUTPRE)read_passwd.$(OBJEXT) \ - $(OUTPRE)str_to_key.$(OBJEXT) \ - $(OUTPRE)unix_time.$(OBJEXT) \ - $(OUTPRE)util.$(OBJEXT) \ - $(OUTPRE)weak_key.$(OBJEXT) - -SRCS= $(srcdir)/cksum.c \ - $(srcdir)/des.c \ - $(srcdir)/enc_dec.c \ - $(srcdir)/key_parity.c \ - $(srcdir)/key_sched.c \ - $(srcdir)/new_rnd_key.c \ - $(srcdir)/pcbc_encrypt.c \ - $(srcdir)/quad_cksum.c \ - $(srcdir)/random_key.c \ - $(srcdir)/read_passwd.c \ - $(srcdir)/str_to_key.c \ - $(srcdir)/unix_time.c \ - $(srcdir)/util.c \ - $(srcdir)/weak_key.c - -all-unix:: all-liblinks - -##DOS##LIBOBJS = $(OBJS) - -shared: - mkdir shared - -verify: verify.o $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ verify.o $(DES425_LIB) $(KRB5_BASE_LIBS) - -t_quad: t_quad.o quad_cksum.o $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_quad.o quad_cksum.o $(SUPPORT_LIB) - -t_pcbc: t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_LIBS) - -check-unix:: verify t_quad t_pcbc - $(RUN_SETUP) $(VALGRIND) ./verify -z - $(RUN_SETUP) $(VALGRIND) ./verify -m - $(RUN_SETUP) $(VALGRIND) ./verify - $(RUN_SETUP) $(VALGRIND) ./t_quad - $(RUN_SETUP) $(VALGRIND) ./t_pcbc - -check-windows:: - -clean:: - $(RM) $(OUTPRE)verify$(EXEEXT) $(OUTPRE)verify.$(OBJEXT) \ - $(OUTPRE)t_quad$(EXEEXT) $(OUTPRE)t_quad.$(OBJEXT) \ - $(OUTPRE)t_pcbc$(EXEEXT) $(OUTPRE)t_pcbc.$(OBJEXT) - -clean-unix:: clean-liblinks clean-libs clean-libobjs - -install-unix:: install-libs - - at lib_frag@ - at libobj_frag@ - -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -cksum.so cksum.po $(OUTPRE)cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - cksum.c -des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - des.c -enc_dec.so enc_dec.po $(OUTPRE)enc_dec.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - enc_dec.c -key_parity.so key_parity.po $(OUTPRE)key_parity.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h key_parity.c -key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h key_sched.c -new_rnd_key.so new_rnd_key.po $(OUTPRE)new_rnd_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h new_rnd_key.c -pcbc_encrypt.so pcbc_encrypt.po $(OUTPRE)pcbc_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h $(srcdir)/../crypto/des/f_tables.h \ - pcbc_encrypt.c -quad_cksum.so quad_cksum.po $(OUTPRE)quad_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h quad_cksum.c -random_key.so random_key.po $(OUTPRE)random_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h random_key.c -read_passwd.so read_passwd.po $(OUTPRE)read_passwd.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h read_passwd.c -str_to_key.so str_to_key.po $(OUTPRE)str_to_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h str_to_key.c -unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h unix_time.c -util.so util.po $(OUTPRE)util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - util.c -weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h weak_key.c Deleted: branches/mskrb-integ/src/lib/des425/cksum.c =================================================================== --- branches/mskrb-integ/src/lib/des425/cksum.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/cksum.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,68 +0,0 @@ -/* - * lib/des425/cksum.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * These routines perform encryption and decryption using the DES - * private key algorithm, or else a subset of it-- fewer inner loops. - * (AUTH_DES_ITER defaults to 16, may be less.) - * - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * These routines form the library interface to the DES facilities. - * - * spm 8/85 MIT project athena - */ - -#include "des_int.h" -#include "des.h" - -/* - * This routine performs DES cipher-block-chaining checksum operation, - * a.k.a. Message Authentication Code. It ALWAYS encrypts from input - * to a single 64 bit output MAC checksum. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was - * provided, your program will get trashed. - * - * The input is null padded, at the end (highest addr), to an integral - * multiple of eight bytes. - */ - -unsigned long KRB5_CALLCONV -des_cbc_cksum(in,out,length,key,iv) - const des_cblock *in; /* >= length bytes of inputtext */ - des_cblock *out; /* >= length bytes of outputtext */ - register unsigned long length; /* in bytes */ - const mit_des_key_schedule key; /* precomputed key schedule */ - const des_cblock *iv; /* 8 bytes of ivec */ -{ - return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out, - length, key, (krb5_octet *)iv); -} Deleted: branches/mskrb-integ/src/lib/des425/des.c =================================================================== --- branches/mskrb-integ/src/lib/des425/des.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/des.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,44 +0,0 @@ -/* - * lib/des425/des.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "des_int.h" -#include "des.h" -#undef mit_des_cbc_encrypt - -int KRB5_CALLCONV -des_ecb_encrypt(clear, cipher, schedule, enc) - des_cblock *clear; - des_cblock *cipher; - const mit_des_key_schedule schedule; - int enc; /* 0 ==> decrypt, else encrypt */ -{ - static const des_cblock iv; - - return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher, - 8, schedule, iv, enc)); -} Deleted: branches/mskrb-integ/src/lib/des425/enc_dec.c =================================================================== --- branches/mskrb-integ/src/lib/des425/enc_dec.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/enc_dec.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,47 +0,0 @@ -/* - * lib/des425/enc_dec.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -#include "des_int.h" -#include "des.h" -#undef mit_des_cbc_encrypt - -int -des_cbc_encrypt(in,out,length,key,iv,enc) - des_cblock *in; /* >= length bytes of input text */ - des_cblock *out; /* >= length bytes of output text */ - register unsigned long length; /* in bytes */ - const mit_des_key_schedule key; /* precomputed key schedule */ - const des_cblock *iv; /* 8 bytes of ivec */ - int enc; /* 0 ==> decrypt, else encrypt */ -{ - return (mit_des_cbc_encrypt((const des_cblock *) in, - out, length, key, - (const unsigned char *)iv, /* YUCK! */ - enc)); -} Deleted: branches/mskrb-integ/src/lib/des425/key_parity.c =================================================================== --- branches/mskrb-integ/src/lib/des425/key_parity.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/key_parity.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,52 +0,0 @@ -/* - * lib/des425/key_parity.c - * - * Copyright 1989, 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "des_int.h" -#include "des.h" - -/* - * des_fixup_key_parity: Forces odd parity per byte; parity is bits - * 8,16,...64 in des order, implies 0, 8, 16, ... - * vax order. - */ -void -des_fixup_key_parity(key) - register mit_des_cblock key; -{ - mit_des_fixup_key_parity(key); -} - -/* - * des_check_key_parity: returns true iff key has the correct des parity. - */ -int -des_check_key_parity(key) - register mit_des_cblock key; -{ - return(mit_des_check_key_parity(key)); -} - Deleted: branches/mskrb-integ/src/lib/des425/key_sched.c =================================================================== --- branches/mskrb-integ/src/lib/des425/key_sched.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/key_sched.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,40 +0,0 @@ -/* - * lib/des425/key_sched.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - - -#include -#include "des_int.h" -#include "des.h" - -int KRB5_CALLCONV -des_key_sched(k,schedule) - des_cblock k; - des_key_schedule schedule; -{ - return (mit_des_key_sched(k, schedule)); -} Deleted: branches/mskrb-integ/src/lib/des425/libdes425.exports =================================================================== --- branches/mskrb-integ/src/lib/des425/libdes425.exports 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/libdes425.exports 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,18 +0,0 @@ -afs_string_to_key -des_cbc_cksum -des_cbc_encrypt -des_cblock_print_file -des_check_key_parity -des_ecb_encrypt -des_fixup_key_parity -des_init_random_number_generator -des_is_weak_key -des_key_sched -des_new_random_key -des_pcbc_encrypt -des_quad_cksum -des_random_key -des_read_password -des_read_pw_string -des_string_to_key -unix_time_gmt_unixsec Deleted: branches/mskrb-integ/src/lib/des425/mac_des_glue.c =================================================================== --- branches/mskrb-integ/src/lib/des425/mac_des_glue.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/mac_des_glue.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,104 +0,0 @@ -#include "des_int.h" -#include "des.h" -#undef mit_des3_cbc_encrypt - -/* These functions are exported on KfM for ABI compatibility with - * older versions of the library. They have been pulled from the headers - * in the hope that someday we can remove them. - * - * Do not change the ABIs of any of these functions! - */ - -//int des_read_pw_string(char *, int, char *, int); -char *des_crypt(const char *, const char *); -char *des_fcrypt(const char *, const char *, char *); - -int make_key_sched(des_cblock *, des_key_schedule); -int des_set_key(des_cblock *, des_key_schedule); - -void des_3cbc_encrypt(des_cblock *, des_cblock *, long, - des_key_schedule, des_key_schedule, des_key_schedule, - des_cblock *, int); -void des_3ecb_encrypt(des_cblock *, des_cblock *, - des_key_schedule, des_key_schedule, des_key_schedule, - int); - -void des_generate_random_block(des_cblock); -void des_set_random_generator_seed(des_cblock); -void des_set_sequence_number(des_cblock); - -#pragma mark - - -/* Why was this exported on KfM? Who knows... */ -int des_debug = 0; - -char *des_crypt(const char *str, const char *salt) -{ - char afs_buf[16]; - - return des_fcrypt(str, salt, afs_buf); -} - - -char *des_fcrypt(const char *str, const char *salt, char *buf) -{ - return mit_afs_crypt(str, salt, buf); -} - - -int make_key_sched(des_cblock *k, des_key_schedule schedule) -{ - return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */ -} - - -int des_set_key(des_cblock *key, des_key_schedule schedule) -{ - return make_key_sched(key, schedule); -} - - -void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length, - des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, - des_cblock *iv, int enc) -{ - mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length, - ks1, ks2, ks3, - (const unsigned char *)iv, /* YUCK! */ - enc); -} - - -void des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher, - des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, - int enc) -{ - static const des_cblock iv; - - mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc); -} - - -void des_generate_random_block(des_cblock block) -{ - krb5_data data; - - data.length = sizeof(des_cblock); - data.data = (char *)block; - - /* This function can return an error, however we must ignore it. */ - /* The worst that happens is that the resulting block is non-random */ - krb5_c_random_make_octets(/* XXX */ 0, &data); -} - - -void des_set_random_generator_seed(des_cblock block) -{ - des_init_random_number_generator(block); /* XXX */ -} - - -void des_set_sequence_number(des_cblock block) -{ - des_init_random_number_generator(block); /* XXX */ -} Deleted: branches/mskrb-integ/src/lib/des425/new_rnd_key.c =================================================================== --- branches/mskrb-integ/src/lib/des425/new_rnd_key.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/new_rnd_key.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,96 +0,0 @@ -/* - * lib/des425/new_rnd_key.c - * - * Copyright 1988,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "des_int.h" -#include "des.h" -#include "k5-int.h" - -void -des_init_random_number_generator(key) - mit_des_cblock key; -{ - krb5_data seed; - - seed.length = sizeof(key); - seed.data = (char *) key; - - if (krb5_c_random_seed(/* XXX */ 0, &seed)) - /* XXX */ abort(); -} - -/* - * des_new_random_key: create a random des key - * - * Requires: des_set_random_number_generater_seed must be at called least - * once before this routine is called. - * - * Notes: the returned key has correct parity and is guarenteed not - * to be a weak des key. Des_generate_random_block is used to - * provide the random bits. - */ -int KRB5_CALLCONV -des_new_random_key(key) - mit_des_cblock key; -{ - krb5_keyblock keyblock; - krb5_error_code kret; - - kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC, &keyblock); - if (kret) return kret; - - memcpy(key, keyblock.contents, sizeof(mit_des_cblock)); - krb5_free_keyblock_contents(/* XXX */ 0, &keyblock); - - return 0; -} Deleted: branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c =================================================================== --- branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,235 +0,0 @@ -/* - * lib/des425/pcbc_encrypt.c - * - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * DES implementation donated by Dennis Ferguson - */ - -/* - * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode - */ - -#include "autoconf.h" /* in case this defines CONFIG_SMALL */ -#undef CONFIG_SMALL /* XXX needs non-exported crypto symbols */ -#include "des_int.h" -#include "des.h" -#include - -/* - * des_pcbc_encrypt - {en,de}crypt a stream in PCBC mode - */ -int KRB5_CALLCONV -des_pcbc_encrypt(in, out, length, schedule, ivec, enc) - des_cblock *in; - des_cblock *out; - long length; - const des_key_schedule schedule; - des_cblock *ivec; - int enc; -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - unsigned char *op; - - /* - * Copy the key pointer, just once - */ - kp = (const unsigned DES_INT32 *)schedule; - - /* - * Deal with encryption and decryption separately. - */ - if (enc) { - /* Initialization isn't really needed here, but gcc - complains because it doesn't understand that the - only case where these can be used uninitialized is - to compute values that'll in turn be ignored - because we won't go around the loop again. */ - unsigned DES_INT32 plainl = 42; - unsigned DES_INT32 plainr = 17; - - /* - * Initialize left and right with the contents of the initial - * vector. - */ - ip = *ivec; - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - - /* - * Suitably initialized, now work the length down 8 bytes - * at a time. - */ - ip = *in; - op = *out; - while (length > 0) { - /* - * Get block of input. If the length is - * greater than 8 this is straight - * forward. Otherwise we have to fart around. - */ - if (length > 8) { - GET_HALF_BLOCK(plainl, ip); - GET_HALF_BLOCK(plainr, ip); - left ^= plainl; - right ^= plainr; - length -= 8; - } else { - /* - * Oh, shoot. We need to pad the - * end with zeroes. Work backwards - * to do this. We know this is the - * last block, though, so we don't have - * to save the plain text. - */ - ip += (int) length; - switch(length) { - case 8: - right ^= *(--ip) & 0xff; - case 7: - right ^= (*(--ip) & 0xff) << 8; - case 6: - right ^= (*(--ip) & 0xff) << 16; - case 5: - right ^= (*(--ip) & 0xff) << 24; - case 4: - left ^= *(--ip) & 0xff; - case 3: - left ^= (*(--ip) & 0xff) << 8; - case 2: - left ^= (*(--ip) & 0xff) << 16; - case 1: - left ^= (*(--ip) & 0xff) << 24; - break; - } - length = 0; - } - - /* - * Encrypt what we have - */ - DES_DO_ENCRYPT(left, right, kp); - - /* - * Copy the results out - */ - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - - /* - * Xor with the old plain text - */ - left ^= plainl; - right ^= plainr; - } - } else { - /* - * Decrypting is harder than encrypting because of - * the necessity of remembering a lot more things. - * Should think about this a little more... - */ - unsigned DES_INT32 ocipherl, ocipherr; - unsigned DES_INT32 cipherl, cipherr; - - if (length <= 0) - return 0; - - /* - * Prime the old cipher with ivec. - */ - ip = *ivec; - GET_HALF_BLOCK(ocipherl, ip); - GET_HALF_BLOCK(ocipherr, ip); - - /* - * Now do this in earnest until we run out of length. - */ - ip = *in; - op = *out; - for (;;) { /* check done inside loop */ - /* - * Read a block from the input into left and - * right. Save this cipher block for later. - */ - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - cipherl = left; - cipherr = right; - - /* - * Decrypt this. - */ - DES_DO_DECRYPT(left, right, kp); - - /* - * Xor with the old cipher to get plain - * text. Output 8 or less bytes of this. - */ - left ^= ocipherl; - right ^= ocipherr; - if (length > 8) { - length -= 8; - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - /* - * Save current cipher block here - */ - ocipherl = cipherl ^ left; - ocipherr = cipherr ^ right; - } else { - /* - * Trouble here. Start at end of output, - * work backwards. - */ - op += (int) length; - switch(length) { - case 8: - *(--op) = (unsigned char) (right & 0xff); - case 7: - *(--op) = (unsigned char) ((right >> 8) & 0xff); - case 6: - *(--op) = (unsigned char) ((right >> 16) & 0xff); - case 5: - *(--op) = (unsigned char) ((right >> 24) & 0xff); - case 4: - *(--op) = (unsigned char) (left & 0xff); - case 3: - *(--op) = (unsigned char) ((left >> 8) & 0xff); - case 2: - *(--op) = (unsigned char) ((left >> 16) & 0xff); - case 1: - *(--op) = (unsigned char) ((left >> 24) & 0xff); - break; - } - break; /* we're done */ - } - } - } - - /* - * Done, return nothing. - */ - return 0; -} Deleted: branches/mskrb-integ/src/lib/des425/quad_cksum.c =================================================================== --- branches/mskrb-integ/src/lib/des425/quad_cksum.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/quad_cksum.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,200 +0,0 @@ -/* - * lib/des425/quad_cksum.c - * - * Copyright 1985, 1986, 1987, 1988,1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * This routine does not implement: - * - * - * Quadratic Congruential Manipulation Dectection Code - * - * ref: "Message Authentication" - * R.R. Jueneman, S. M. Matyas, C.H. Meyer - * IEEE Communications Magazine, - * Sept 1985 Vol 23 No 9 p 29-40 - * - * This routine, part of the Athena DES library built for the Kerberos - * authentication system, calculates a manipulation detection code for - * a message. It is a much faster alternative to the DES-checksum - * method. No guarantees are offered for its security. - * - * Implementation for 4.2bsd - * by S.P. Miller Project Athena/MIT - */ - -/* - * Algorithm (per paper): - * define: - * message to be composed of n m-bit blocks X1,...,Xn - * optional secret seed S in block X1 - * MDC in block Xn+1 - * prime modulus N - * accumulator Z - * initial (secret) value of accumulator C - * N, C, and S are known at both ends - * C and , optionally, S, are hidden from the end users - * then - * (read array references as subscripts over time) - * Z[0] = c; - * for i = 1...n - * Z[i] = (Z[i+1] + X[i])**2 modulo N - * X[n+1] = Z[n] = MDC - * - * Then pick - * N = 2**31 -1 - * m = 16 - * iterate 4 times over plaintext, also use Zn - * from iteration j as seed for iteration j+1, - * total MDC is then a 128 bit array of the four - * Zn; - * - * return the last Zn and optionally, all - * four as output args. - * - * Modifications: - * To inhibit brute force searches of the seed space, this - * implementation is modified to have - * Z = 64 bit accumulator - * C = 64 bit C seed - * N = 2**63 - 1 - * S = S seed is not implemented here - * arithmetic is not quite real double integer precision, since we - * cant get at the carry or high order results from multiply, - * but nontheless is 64 bit arithmetic. - */ -/* - * This code purports to implement the above algorithm, but fails. - * - * First of all, there was an implicit mod 2**32 being done on the - * machines where this was developed because of their word sizes, and - * for compabitility this has to be done on machines with 64-bit - * words, so we make it explicit. - * - * Second, in the squaring operation, I really doubt the carry-over - * from the low 31-bit half of the accumulator is being done right, - * and using a modulus of 0x7fffffff on the low half of the - * accumulator seems completely wrong. And I challenge anyone to - * explain where the number 83653421 comes from. - * - * --Ken Raeburn 2001-04-06 - */ - - -/* System include files */ -#include -#include - -#include "des_int.h" -#include "des.h" - -/* Definitions for byte swapping */ - -/* vax byte order is LSB first. This is not performance critical, and - is far more readable this way. */ -#define four_bytes_vax_to_nets(x) ((((((x[3]<<8)|x[2])<<8)|x[1])<<8)|x[0]) -#define vaxtohl(x) four_bytes_vax_to_nets(((const unsigned char *)(x))) -#define two_bytes_vax_to_nets(x) ((x[1]<<8)|x[0]) -#define vaxtohs(x) two_bytes_vax_to_nets(((const unsigned char *)(x))) - -/* Externals */ -extern int des_debug; - -/*** Routines ***************************************************** */ - -unsigned long KRB5_CALLCONV -des_quad_cksum(in,out,length,out_count,c_seed) - const unsigned char *in; /* input block */ - unsigned DES_INT32 *out; /* optional longer output */ - long length; /* original length in bytes */ - int out_count; /* number of iterations */ - mit_des_cblock *c_seed; /* secret seed, 8 bytes */ -{ - - /* - * this routine both returns the low order of the final (last in - * time) 32bits of the checksum, and if "out" is not a null - * pointer, a longer version, up to entire 32 bytes of the - * checksum is written unto the address pointed to. - */ - - register unsigned DES_INT32 z; - register unsigned DES_INT32 z2; - register unsigned DES_INT32 x; - register unsigned DES_INT32 x2; - const unsigned char *p; - register DES_INT32 len; - register int i; - - /* use all 8 bytes of seed */ - - z = vaxtohl(c_seed); - z2 = vaxtohl((const char *)c_seed+4); - if (out == NULL) - out_count = 1; /* default */ - - /* This is repeated n times!! */ - for (i = 1; i <=4 && i<= out_count; i++) { - len = length; - p = in; - while (len) { - /* - * X = Z + Input ... sort of. Carry out from low half - * isn't done, so we're using all 32 bits of x now. - */ - if (len > 1) { - x = (z + vaxtohs(p)); - p += 2; - len -= 2; - } - else { - x = (z + *(const unsigned char *)p++); - len = 0; - } - x2 = z2; - /* - * I think this is supposed to be a squaring operation. - * What it really is, I haven't figured out yet. - * - * Explicit mod 2**32 is for backwards compatibility. Why - * mod 0x7fffffff and not 0x80000000 on the low half of - * the (supposed) accumulator? And where does the number - * 83653421 come from?? - */ - z = (((x * x) + (x2 * x2)) & 0xffffffff) % 0x7fffffff; - z2 = ((x * (x2+83653421)) & 0xffffffff) % 0x7fffffff; /* modulo */ -#ifdef DEBUG - if (des_debug & 8) - printf("%d %d\n",z,z2); -#endif - } - - if (out != NULL) { - *out++ = z; - *out++ = z2; - } - } - /* return final z value as 32 bit version of checksum */ - return z; -} Deleted: branches/mskrb-integ/src/lib/des425/random_key.c =================================================================== --- branches/mskrb-integ/src/lib/des425/random_key.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/random_key.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,74 +0,0 @@ -/* - * lib/des425/random_key.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "des_int.h" -#include "des.h" - -/* random_key */ -int -des_random_key(key) - mit_des_cblock *key; -{ - krb5_keyblock keyblock; - krb5_error_code kret; - - if ((kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC, - &keyblock))) - return(kret); - - memcpy(key, keyblock.contents, sizeof(mit_des_cblock)); - - return(0); -} - Deleted: branches/mskrb-integ/src/lib/des425/read_passwd.c =================================================================== --- branches/mskrb-integ/src/lib/des425/read_passwd.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/read_passwd.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,128 +0,0 @@ -/* - * lib/des425/read_passwd.c - * - * Copyright 1985,1986,1987,1988,1991 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * This routine prints the supplied string to standard - * output as a prompt, and reads a password string without - * echoing. - */ - -#if !defined(_WIN32) - -#include "des_int.h" -#include "des.h" -#include -#include -#include -/* This is re-declared here because des.h might not declare it. */ -int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int); -static int des_rd_pwstr_2prompt(char *, int, char *, char *); - - -/*** Routines ****************************************************** */ -static int -des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2) - char *return_pwd; - int bufsize_in; - char *prompt; - char *prompt2; -{ - krb5_data reply_data; - krb5_prompt k5prompt; - krb5_error_code retval; - reply_data.length = bufsize_in; - reply_data.data = return_pwd; - k5prompt.prompt = prompt; - k5prompt.hidden = 1; - k5prompt.reply = &reply_data; - retval = krb5_prompter_posix(NULL, - NULL, NULL, NULL, 1, &k5prompt); - - if ((retval==0) && prompt2) { - krb5_data verify_data; - verify_data.data = malloc(bufsize_in); - verify_data.length = bufsize_in; - k5prompt.prompt = prompt2; - k5prompt.reply = &verify_data; - if (!verify_data.data) - return ENOMEM; - retval = krb5_prompter_posix(NULL, - NULL,NULL, NULL, 1, &k5prompt); - if (retval) { - free(verify_data.data); - } else { - /* compare */ - if (strncmp(return_pwd, (char *)verify_data.data, bufsize_in)) { - retval = KRB5_LIBOS_BADPWDMATCH; - free(verify_data.data); - } - } - } - return retval; -} - - -int KRB5_CALLCONV -des_read_password(k,prompt,verify) - mit_des_cblock *k; - char *prompt; - int verify; -{ - int ok; - char key_string[BUFSIZ]; - - ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify); - if (ok == 0) - des_string_to_key(key_string, *k); - - memset(key_string, 0, sizeof (key_string)); - return ok; -} - -/* Note: this function is exported on KfM. Do not change its ABI. */ -int KRB5_CALLCONV -des_read_pw_string(s, max, prompt, verify) - char *s; - int max; - char *prompt; - int verify; -{ - int ok; - char prompt2[BUFSIZ]; - - if (verify) { - snprintf(prompt2, sizeof(prompt2), "Verifying, please re-enter %s", - prompt); - } - ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0); - return ok; -} - -#else /* !unix */ -/* - * These are all just dummy functions to make the rest of the library happy... - */ -#endif /* _WINDOWS */ Deleted: branches/mskrb-integ/src/lib/des425/str_to_key.c =================================================================== --- branches/mskrb-integ/src/lib/des425/str_to_key.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/str_to_key.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,168 +0,0 @@ -/* - * lib/des425/str_to_key.c - * - * Copyright 1985, 1986, 1987, 1988, 1989,1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * These routines perform encryption and decryption using the DES - * private key algorithm, or else a subset of it-- fewer inner loops. - * (AUTH_DES_ITER defaults to 16, may be less.) - * - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * These routines form the library interface to the DES facilities. - * - * spm 8/85 MIT project athena - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -extern int mit_des_debug; - -/* - * Convert an arbitrary length string to a DES key. - */ - -/* - * For krb5, a change was made to this algorithm: When each key is - * generated, after fixing parity, a check for weak and semi-weak keys - * is done. If the key is weak or semi-weak, we XOR the last byte - * with 0xF0. (In the case of the intermediate key, the weakness is - * probably irrelevant, but there it is.) The odds that this will - * generate a different key for a random input string are pretty low, - * but non-zero. So we need this different function for krb4 to use. - */ -int KRB5_CALLCONV -des_string_to_key(str,key) - const char *str; - register mit_des_cblock key; -{ - const char *in_str; - register unsigned temp; - register int j; - unsigned long i, length; - unsigned char *k_p; - int forward; - register char *p_char; - char k_char[64]; - mit_des_key_schedule key_sked; - - in_str = str; - forward = 1; - p_char = k_char; - length = strlen(str); - - /* init key array for bits */ - memset(k_char, 0,sizeof(k_char)); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\n\ninput str length = %ld string = %s\nstring = 0x ", - length,str); -#endif - - /* get next 8 bytes, strip parity, xor */ - for (i = 1; i <= length; i++) { - /* get next input key byte */ - temp = (unsigned int) *str++; -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout,"%02x ",temp & 0xff); -#endif - /* loop through bits within byte, ignore parity */ - for (j = 0; j <= 6; j++) { - if (forward) - *p_char++ ^= (int) temp & 01; - else - *--p_char ^= (int) temp & 01; - temp = temp >> 1; - } - - /* check and flip direction */ - if ((i%8) == 0) - forward = !forward; - } - - /* now stuff into the key des_cblock, and force odd parity */ - p_char = k_char; - k_p = (unsigned char *) key; - - for (i = 0; i <= 7; i++) { - temp = 0; - for (j = 0; j <= 6; j++) - temp |= *p_char++ << (1+j); - *k_p++ = (unsigned char) temp; - } - - /* fix key parity */ - des_fixup_key_parity(key); - - /* Now one-way encrypt it with the folded key */ - (void) des_key_sched(key, key_sked); - (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key, - length, key_sked, (const des_cblock *)key); - /* erase key_sked */ - memset(key_sked, 0,sizeof(key_sked)); - - /* now fix up key parity again */ - des_fixup_key_parity(key); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\nResulting string_to_key = 0x%x 0x%x\n", - *((unsigned long *) key), - *((unsigned long *) key+1)); -#endif /* DEBUG */ - return 0; /* Really should be returning void, */ - /* but the original spec was for it to */ - /* return an int, and ANSI compilers */ - /* can do dumb things sometimes */ -} - -void afs_string_to_key(char *str, char *cell, des_cblock key) -{ - krb5_data str_data; - krb5_data cell_data; - krb5_keyblock keyblock; - - str_data.data = str; - str_data.length = strlen(str); - cell_data.data = cell; - cell_data.length = strlen(cell); - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof(des_cblock); - keyblock.contents = key; - - mit_afs_string_to_key(&keyblock, &str_data, &cell_data); -} Deleted: branches/mskrb-integ/src/lib/des425/string2key.c =================================================================== --- branches/mskrb-integ/src/lib/des425/string2key.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/string2key.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,174 +0,0 @@ -/* THIS FILE DOES NOT GET COMPILED. AUDIT BEFORE USE. */ -/* - * lib/des425/string2key.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Wrapper for the V4 libdes for use with kerberos V5. - */ - - -#include "des.h" -#include "des_int.h" - -#ifdef DEBUG -#include -extern int des_debug; -#endif - -/* - converts the string pointed to by "data" into an encryption key - of type "enctype". *keyblock is filled in with the key info; - in particular, keyblock->contents is to be set to allocated storage. - It is the responsibility of the caller to release this storage - when the generated key no longer needed. - - The routine may use "princ" to seed or alter the conversion - algorithm. - - If the particular function called does not know how to make a - key of type "enctype", an error may be returned. - - returns: errors - */ - -krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ) - const krb5_enctype enctype; - krb5_keyblock * keyblock; - const krb5_data * data; - krb5_const_principal princ; -{ - char copystr[512]; - - register char *str = copystr; - register krb5_octet *key; - - register unsigned temp,i; - register int j; - register long length; - unsigned char *k_p; - int forward; - register char *p_char; - char k_char[64]; - mit_des_key_schedule key_sked; - -#define min(A, B) ((A) < (B) ? (A): (B)) - - if ( enctype != ENCTYPE_DES ) - return (KRB5_PROG_ENCTYPE_NOSUPP); - - if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) ) - return(ENOMEM); - -#define cleanup() {memset(keyblock->contents, 0, sizeof(mit_des_cblock));\ - krb5_xfree(keyblock->contents);} - - keyblock->enctype = ENCTYPE_DES; - keyblock->length = sizeof(mit_des_cblock); - key = keyblock->contents; - - memset(copystr, 0, sizeof(copystr)); - j = min(data->length, 511); - (void) strncpy(copystr, data->data, j); - if ( princ != 0 ) - for (i=0; princ[i] != 0 && j < 511; i++) { - (void) strncpy(copystr+j, princ[i]->data, - min(princ[i]->length, 511-j)); - j += min(princ[i]->length, 511-j); - } - - /* convert copystr to des key */ - forward = 1; - p_char = k_char; - length = strlen(str); - - /* init key array for bits */ - memset(k_char,0,sizeof(k_char)); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\n\ninput str length = %d string = %s\nstring = 0x ", - length,str); -#endif - - /* get next 8 bytes, strip parity, xor */ - for (i = 1; i <= length; i++) { - /* get next input key byte */ - temp = (unsigned int) *str++; -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout,"%02x ",temp & 0xff); -#endif - /* loop through bits within byte, ignore parity */ - for (j = 0; j <= 6; j++) { - if (forward) - *p_char++ ^= (int) temp & 01; - else - *--p_char ^= (int) temp & 01; - temp = temp >> 1; - } - - /* check and flip direction */ - if ((i%8) == 0) - forward = !forward; - } - - /* now stuff into the key mit_des_cblock, and force odd parity */ - p_char = k_char; - k_p = (unsigned char *) key; - - for (i = 0; i <= 7; i++) { - temp = 0; - for (j = 0; j <= 6; j++) - temp |= *p_char++ << (1+j); - *k_p++ = (unsigned char) temp; - } - - /* fix key parity */ - mit_des_fixup_key_parity(key); - - /* Now one-way encrypt it with the folded key */ - (void) mit_des_key_sched(key, key_sked); - (void) mit_des_cbc_cksum((krb5_octet *)copystr, key, length, key_sked, key); - /* erase key_sked */ - memset((char *)key_sked, 0, sizeof(key_sked)); - - /* now fix up key parity again */ - mit_des_fixup_key_parity(key); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\nResulting string_to_key = 0x%x 0x%x\n", - *((unsigned long *) key), - *((unsigned long *) key+1)); -#endif - - return 0; -} - - - - Deleted: branches/mskrb-integ/src/lib/des425/t_pcbc.c =================================================================== --- branches/mskrb-integ/src/lib/des425/t_pcbc.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/t_pcbc.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,123 +0,0 @@ -/* - * lib/des425/t_quad.c - * - * Copyright 2001 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -char *progname; -int des_debug; - -/* These test values were constructed by experimentation, because I - couldn't be bothered to look up the spec for the encryption mode - and see if any test vector is defined. But really, the thing we - need to test is that the operation we use doesn't changed. Like - with quad_cksum, compatibility is more important than strict - adherence to the spec, if we have to choose. In any case, if you - have a useful test vector, send it in.... */ -struct { - unsigned char text[32]; - des_cblock out[4]; -} tests[] = { - { - "Now is the time for all ", - { - { 0x7f, 0x81, 0x65, 0x41, 0x21, 0xdb, 0xd4, 0xcf, }, - { 0xf8, 0xaa, 0x09, 0x90, 0xeb, 0xc7, 0x60, 0x2b, }, - { 0x45, 0x3e, 0x4e, 0x65, 0x83, 0x6c, 0xf1, 0x98, }, - { 0x4c, 0xfc, 0x69, 0x72, 0x23, 0xdb, 0x48, 0x78, } - } - }, { - "7654321 Now is the time for ", - { - { 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, }, - { 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, }, - { 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, }, - { 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88, } - } - }, { - "hi", - { { 0x76, 0x61, 0x0e, 0x8b, 0x23, 0xa4, 0x5f, 0x34, } } - }, -}; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; -des_cblock ivec = { - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 -}; - -int -main(argc,argv) - int argc; - char *argv[]; -{ - int i; - int fail=0; - des_cblock out[32/8]; - des_cblock out2[32/8]; - des_key_schedule sked; - - progname=argv[0]; /* salt away invoking program */ - - /* use known input and key */ - - for (i = 0; i < 3; i++) { - int wrong = 0, j, jmax; - des_key_sched (default_key, sked); - /* This could lose on alignment... */ - des_pcbc_encrypt ((des_cblock *)&tests[i].text, out, - strlen(tests[i].text) + 1, sked, &ivec, 1); - printf ("pcbc_encrypt(\"%s\") = {", tests[i].text); - jmax = (strlen (tests[i].text) + 8) & ~7U; - for (j = 0; j < jmax; j++) { - if (j % 8 == 0) - printf ("\n\t"); - printf (" 0x%02x,", out[j/8][j%8]); - if (out[j/8][j%8] != tests[i].out[j/8][j%8]) - wrong = 1; - } - printf ("\n}\n"); - - /* reverse it */ - des_pcbc_encrypt (out, out2, jmax, sked, &ivec, 0); - if (strcmp ((char *)out2, tests[i].text)) { - printf ("decrypt failed\n"); - wrong = 1; - } else - printf ("decrypt worked\n"); - - if (wrong) { - printf ("wrong result!\n"); - fail = 1; - } - } - return fail; -} Deleted: branches/mskrb-integ/src/lib/des425/t_quad.c =================================================================== --- branches/mskrb-integ/src/lib/des425/t_quad.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/t_quad.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,101 +0,0 @@ -/* - * lib/des425/t_quad.c - * - * Copyright 2001 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -extern unsigned long quad_cksum(); -char *progname; -int des_debug; -unsigned DES_INT32 out[8]; -struct { - unsigned char text[64]; - unsigned DES_INT32 out[8]; -} tests[] = { - { - "Now is the time for all ", - { - 0x6c6240c5, 0x77db9b1c, 0x7991d316, 0x4e688989, - 0x27a0ae6a, 0x13be2da4, 0x4a2fdfc6, 0x7dfc494c, - } - }, { - "7654321 Now is the time for ", - { - 0x36839db5, 0x4d7be717, 0x15b0f5b6, 0x2304ff9c, - 0x75472d26, 0x6a5f833c, 0x7399a4ee, 0x1170fdfb, - } - }, { - {2,0,0,0, 1,0,0,0}, - { - 0x7c81f205, 0x63d38e38, 0x314ece44, 0x05d3a4f8, - 0x6e10db76, 0x3eda7685, 0x2e841332, 0x1bdc7fd3, - } - }, -}; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; - -int -main(argc,argv) - int argc; - char *argv[]; -{ - int i; - int fail=0; - - progname=argv[0]; /* salt away invoking program */ - - /* use known input and key */ - - for (i = 0; i < 3; i++) { - int wrong = 0, j; - des_quad_cksum (tests[i].text, out, 64L, 4, - (mit_des_cblock *) &default_key); - if (tests[i].text[0] == 2) - printf ("quad_cksum() = {"); - else - printf ("quad_cksum(\"%s\"...zero fill...) = {", tests[i].text); - for (j = 0; j < 8; j++) { - if (j == 0 || j == 4) - printf ("\n\t"); - printf (" 0x%lx,", (unsigned long) out[j]); - if (out[j] != tests[i].out[j]) - wrong = 1; - } - printf ("\n}\n"); - if (wrong) { - printf ("wrong result!\n"); - fail = 1; - } - } - return fail; -} Deleted: branches/mskrb-integ/src/lib/des425/unix_time.c =================================================================== --- branches/mskrb-integ/src/lib/des425/unix_time.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/unix_time.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,46 +0,0 @@ -/* - * unix_time.c - * - * Glue code for pasting Kerberos into the Unix environment. - * - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - * - * Required for use by the Cygnus krb.a. - */ - - -#include "k5-int.h" - -#if !defined(_WIN32) -#include - -krb5_ui_4 -unix_time_gmt_unixsec (usecptr) - krb5_ui_4 *usecptr; -{ - struct timeval now; - - (void) gettimeofday (&now, (struct timezone *)0); - if (usecptr) - *usecptr = now.tv_usec; - return now.tv_sec; -} - -#endif /* !_WIN32 */ - -#ifdef _WIN32 -#include - -krb5_ui_4 -unix_time_gmt_unixsec (usecptr) - krb5_ui_4 *usecptr; -{ - time_t gmt; - - time(&gmt); - if (usecptr) - *usecptr = gmt; - return gmt; -} -#endif /* _WIN32 */ Deleted: branches/mskrb-integ/src/lib/des425/util.c =================================================================== --- branches/mskrb-integ/src/lib/des425/util.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/util.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,33 +0,0 @@ -/* - * lib/des425/util.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Miscellaneous debug printing utilities - */ - -#include - -/* Application include files */ -#include "k5-int.h" -#include "des_int.h" -#include "des.h" - -void des_cblock_print_file(x, fp) - des_cblock *x; - FILE *fp; -{ - unsigned char *y = *x; - register int i = 0; - fprintf(fp," 0x { "); - - while (i++ < 8) { - fprintf(fp,"%x",*y++); - if (i < 8) - fprintf(fp,", "); - } - fprintf(fp," }"); -} Deleted: branches/mskrb-integ/src/lib/des425/verify.c =================================================================== --- branches/mskrb-integ/src/lib/des425/verify.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/verify.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,317 +0,0 @@ -/* - * lib/des425/verify.c - * - * Copyright 1988,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Program to test the correctness of the DES library - * implementation. - * - * exit returns 0 ==> success - * -1 ==> error - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -char *progname; -int nflag = 2; -int vflag; -int mflag; -int zflag; -int pid; -int des_debug; -des_key_schedule KS; -unsigned char cipher_text[64]; -unsigned char clear_text[64] = "Now is the time for all " ; -unsigned char clear_text2[64] = "7654321 Now is the time for "; -unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; -unsigned char output[64]; -unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; -unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ -unsigned char *input; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; -unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; -unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; -des_cblock s_key; -unsigned char default_ivec[8] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef -}; -unsigned char *ivec; -unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ -int i,j; - -unsigned char cipher1[8] = { - 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 -}; -unsigned char cipher2[8] = { - 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 -}; -unsigned char cipher3[64] = { - 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, - 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, - 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 -}; -unsigned char checksum[8] = { - 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 -}; - -unsigned char zresult[8] = { - 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 -}; - -unsigned char mresult[8] = { - 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 -}; - - -/* - * Can also add : - * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) - */ - -void do_encrypt (unsigned char *, unsigned char *); -void do_decrypt (unsigned char *, unsigned char *); - -int -main(argc,argv) - int argc; - char *argv[]; -{ - /* Local Declarations */ - unsigned long in_length; - - progname=argv[0]; /* salt away invoking program */ - - while (--argc > 0 && (*++argv)[0] == '-') - for (i=1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - des_debug=3; - continue; - - case 'z': - zflag = 1; - continue; - - case 'm': - mflag = 1; - continue; - - default: - printf("%s: illegal flag \"%c\" ", - progname,argv[0][i]); - exit(1); - } - }; - - if (argc) { - fprintf(stderr, "Usage: %s [-dmz]\n", progname); - exit(1); - } - - /* use known input and key */ - - /* ECB zero text zero key */ - if (zflag) { - input = zero_text; - des_key_sched(zero_key,KS); - printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { - printf("verify: error in zero key test\n"); - exit(-1); - } - exit(0); - } - - if (mflag) { - input = msb_text; - des_key_sched(key3,KS); - printf("plaintext = 0x00 00 00 00 00 00 00 40, "); - printf("key = 0, cipher = 0x??\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { - printf("verify: error in msb test\n"); - exit(-1); - } - exit(0); - } - - /* ECB mode Davies and Price */ - { - input = zero_text; - des_key_sched(key2,KS); - printf("Examples per FIPS publication 81, keys ivs and cipher\n"); - printf("in hex. These are the correct answers, see below for\n"); - printf("the actual answers.\n\n"); - printf("Examples per Davies and Price.\n\n"); - printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); - printf("\tclear = 0\n"); - printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); - printf("ACTUAL ECB\n"); - printf("\tclear \"%s\"\n", input); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encription is correct\n\n"); - } - - /* ECB mode */ - { - des_key_sched(default_key,KS); - input = clear_text; - ivec = default_ivec; - printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); - printf("ACTUAL ECB\n\tclear \"%s\"",input); - do_encrypt(input,cipher_text); - printf("\n\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encription is correct\n\n"); - } - - /* CBC mode */ - printf("EXAMPLE CBC\tkey = 0123456789abcdef"); - printf("\tiv = 1234567890abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); - printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); - printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); - - printf("ACTUAL CBC\n\tclear \"%s\"\n",input); - in_length = strlen((char *) input); - des_cbc_encrypt(input,cipher_text, in_length,KS,ivec,1); - printf("\tciphertext = (low to high bytes)\n"); - for (i = 0; i <= 7; i++) { - printf("\t\t"); - for (j = 0; j <= 7; j++) { - printf("%02x ",cipher_text[i*8+j]); - } - printf("\n"); - } - des_cbc_encrypt(cipher_text,clear_text,in_length,KS,ivec,0); - printf("\tdecrypted clear_text = \"%s\"\n",clear_text); - - if ( memcmp(cipher_text, cipher3, (size_t) in_length) ) { - printf("verify: error in CBC encryption\n"); - exit(-1); - } - else - printf("verify: CBC encription is correct\n\n"); - - printf("EXAMPLE CBC checksum"); - printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); - printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); - printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); - printf("or some part thereof\n"); - input = clear_text2; - des_cbc_cksum(input,cipher_text,(long) strlen((char *) input),KS,ivec); - printf("ACTUAL CBC checksum\n"); - printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { - printf("verify: error in CBC cheksum\n"); - exit(-1); - } - else - printf("verify: CBC checksum is correct\n\n"); - exit(0); -} - -void -do_encrypt(in,out) - unsigned char *in; - unsigned char *out; -{ - for (i =1; i<=nflag; i++) { - des_ecb_encrypt((unsigned long *) in, (unsigned long *)out, KS, 1); - if (des_debug) { - printf("\nclear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} - -void -do_decrypt(in,out) - unsigned char *out; - unsigned char *in; - /* try to invert it */ -{ - for (i =1; i<=nflag; i++) { - des_ecb_encrypt((unsigned long *) out, (unsigned long *)in,KS,0); - if (des_debug) { - printf("clear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} Deleted: branches/mskrb-integ/src/lib/des425/weak_key.c =================================================================== --- branches/mskrb-integ/src/lib/des425/weak_key.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/des425/weak_key.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,41 +0,0 @@ -/* - * lib/des425/weak_key.c - * - * Copyright 1989,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "des_int.h" -#include "des.h" - -/* - * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. - * - * Requires: key has correct odd parity. - */ -int -des_is_weak_key(key) - mit_des_cblock key; -{ - return (mit_des_is_weak_key(key)); -} Modified: branches/mskrb-integ/src/lib/kadm5/admin.h =================================================================== --- branches/mskrb-integ/src/lib/kadm5/admin.h 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kadm5/admin.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -515,6 +515,8 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *); +krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args); + /* * kadm5_get_principal_keys is used only by kadmin.local to extract existing * keys from the database without changing them. It should never be exposed Modified: branches/mskrb-integ/src/lib/kadm5/alt_prof.c =================================================================== --- branches/mskrb-integ/src/lib/kadm5/alt_prof.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kadm5/alt_prof.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -142,7 +142,7 @@ { static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" }; static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" }; - int i; + unsigned int i; for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++) if (!strcasecmp(string, yes[i])) { @@ -250,7 +250,7 @@ { krb5_error_code kret; char **values; - int i, lastidx; + int lastidx; if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { for (lastidx=0; values[lastidx]; lastidx++); Modified: branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c =================================================================== --- branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -839,7 +839,7 @@ * libkdb's ulog functions. The srv equivalent makes the actual calls. */ krb5_error_code -kadm5_init_iprop(void *handle) +kadm5_init_iprop(void *handle, char **db_args) { return (0); } Modified: branches/mskrb-integ/src/lib/kadm5/logger.c =================================================================== --- branches/mskrb-integ/src/lib/kadm5/logger.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kadm5/logger.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -569,7 +569,7 @@ { "LOCAL7", LOG_LOCAL7 }, #endif /* LOG_LOCAL7 */ }; - int j; + unsigned int j; for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++) if (!strcasecmp(cp2, facilities[j].name)) { Modified: branches/mskrb-integ/src/lib/kdb/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/kdb/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kdb/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -86,7 +86,7 @@ $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - adb_err.h kdb5.c kdb5.h + adb_err.h kdb5.c kdb5.h kdb5int.h encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -172,7 +172,7 @@ $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kdb5.h kdb_log.c + kdb5.h kdb5int.h kdb_log.c keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ Modified: branches/mskrb-integ/src/lib/kdb/kdb5.c =================================================================== --- branches/mskrb-integ/src/lib/kdb/kdb5.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kdb/kdb5.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -38,6 +38,7 @@ #include "kdb5.h" #include #include "kdb_log.h" +#include "kdb5int.h" /* Currently DB2 policy related errors are exported from DAL. But other databases should set_err function to return string. */ Copied: branches/mskrb-integ/src/lib/kdb/kdb5int.h (from rev 21677, branches/mskrb-integ/src/lib/crypto/mandatory_sumtype.c) =================================================================== --- branches/mskrb-integ/src/lib/crypto/mandatory_sumtype.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kdb/kdb5int.h 2009-01-03 03:00:25 UTC (rev 21678) @@ -0,0 +1,44 @@ +/* + * lib/kdb5/kdb5int.h + * + * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Private header file for the kdb5 library for internal functions + */ + +#ifndef __KDB5INT_H__ +#define __KDB5INT_H__ + +#include "kdb5.h" + +krb5_error_code +krb5int_put_principal_no_log(krb5_context kcontext, + krb5_db_entry *entries, int *nentries); + +krb5_error_code +krb5int_delete_principal_no_log(krb5_context kcontext, + krb5_principal search_for, + int *nentries); + +#endif /* __KDB5INT_H__ */ Modified: branches/mskrb-integ/src/lib/kdb/kdb_log.c =================================================================== --- branches/mskrb-integ/src/lib/kdb/kdb_log.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/kdb/kdb_log.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -16,6 +16,7 @@ #include #include "kdb5.h" #include "kdb_log.h" +#include "kdb5int.h" /* * This modules includes all the necessary functions that create and @@ -73,7 +74,7 @@ (pagesize-1)) & (~(pagesize-1)); size = end - start; - if (retval = msync((caddr_t)start, size, MS_SYNC)) { + if ((retval = msync((caddr_t)start, size, MS_SYNC))) { return (retval); } @@ -186,10 +187,10 @@ recsize = sizeof (kdb_ent_header_t) + upd_size; if (recsize > ulog->kdb_block) { - if (retval = ulog_resize(ulog, ulogentries, ulogfd, recsize)) { - /* Resize element array failed */ - return (retval); - } + if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) { + /* Resize element array failed */ + return (retval); + } } cur_sno = ulog->kdb_last_sno; @@ -227,7 +228,7 @@ if (!xdr_kdb_incr_update_t(&xdrs, upd)) return (KRB5_LOG_CONV); - if (retval = ulog_sync_update(ulog, indx_log)) + if ((retval = ulog_sync_update(ulog, indx_log))) return (retval); if (ulog->kdb_num < ulogentries) @@ -280,7 +281,7 @@ ulog->kdb_state = KDB_STABLE; - if (retval = ulog_sync_update(ulog, indx_log)) + if ((retval = ulog_sync_update(ulog, indx_log))) return (retval); ulog_sync_header(ulog); @@ -370,8 +371,8 @@ (upd->kdb_princ_name.utf8str_t_len + 1)); dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0; - if (retval = krb5_parse_name(context, dbprincstr, - &dbprinc)) { + if ((retval = krb5_parse_name(context, dbprincstr, + &dbprinc))) { goto cleanup; } @@ -398,7 +399,7 @@ (void) memset(entry, 0, sizeof (krb5_db_entry)); - if (retval = ulog_conv_2dbentry(context, entry, upd, 1)) + if ((retval = ulog_conv_2dbentry(context, entry, upd, 1))) goto cleanup; retval = krb5int_put_principal_no_log(context, entry, @@ -441,7 +442,7 @@ { XDR xdrs; krb5_error_code retval = 0; - int i; + unsigned int i; kdb_ent_header_t *indx_log; kdb_incr_update_t *upd = NULL; kdb_incr_result_t *incr_ret = NULL; Deleted: branches/mskrb-integ/src/lib/krb4/CCache-glue.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/CCache-glue.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/CCache-glue.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,741 +0,0 @@ -/* - * CCache-glue.c - * - * This file contains implementations of krb4 credentials cache operations in terms - * of the CCache API (). - * - * $Header$ - */ - - -#include "krb.h" -#include "krb4int.h" - -#if !defined (USE_CCAPI) || !USE_CCAPI -#error "Cannot use CCache glue without the CCAPI!" -#endif - -#ifdef USE_LOGIN_LIBRARY -#include -#endif /* USE_LOGIN_LIBRARY */ -#include - -#include -#include - -/* - * The following functions are part of the KfM ABI. - * They are deprecated, so they only appear here, not in krb.h. - * - * Do not change the ABI of these functions! - */ -int KRB5_CALLCONV krb_get_num_cred(void); -int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int); -int KRB5_CALLCONV krb_delete_cred(char *, char *,char *); -int KRB5_CALLCONV dest_all_tkts(void); - -/* Internal functions */ -static void UpdateDefaultCache (void); - -/* - * The way Kerberos v4 normally works is that at any given point in time there is a - * file where all the tickets go, determined by an environment variable. If a user kinits - * to a new principal, the existing tickets are replaced with new ones. At any point in time, there is a - * "current" or "default" principal, which is determined by the principal associated with - * the current ticket file. - * - * In the CCache API implementation, this corresponds to always having a "default" - * or "current" named cache. The default principal then corresponds to that cache. - * - * Unfortunately, Kerberos v4 also has this notion that the default cache exists (in the sense - * that its name is known) even before the actual file has been created. - * - * In addition to this, we cannot make the default cache system-wide global, because then - * we get all sorts of interesting scenarios in which context switches between processes - * can cause credentials to be stored in wrong caches. - * - * To solve all the problems, we have to emulate the concept of an environment variable, - * by having a system-wide concept of what a default credentials cache is; then, we copy - * the system-wide value into the per-process value when the application starts up. - * - * However, in order to allow applications to be able to sanely handle the user model we - * want to support, in which the user has some way of selecting the system-wide default - * user _without_ quitting and relaunching all applications (this is also necessary for - * KClient support), calls had to be added to the Kerberos v4 library to reset the - * per-process cached value of default cache. - */ - -/* - * Name of the default cache - */ -char* gDefaultCacheName = NULL; - -/* - * Initialize credentials cache - * - * Creating the cache will blow away an existing one. The assumption is that - * whoever called us made sure that the one that we blow away if it exists - * is the right one to blow away. - */ - -int KRB5_CALLCONV -krb_in_tkt ( - char* pname, - char* pinst, - char* realm) -{ - char principal [MAX_K_NAME_SZ + 1]; - cc_int32 err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (err == ccNoError) { - snprintf (principal, sizeof(principal), "%s%s%s@%s", pname, (pinst [0] == '\0') ? "" : ".", pinst, realm); - } - - if (err == ccNoError) { - err = cc_context_create_ccache (cc_context, TKT_FILE, cc_credentials_v4, principal, &ccache); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -int KRB5_CALLCONV -krb_save_credentials( - char *service, - char *instance, - char *realm, - C_Block session, - int lifetime, - int kvno, - KTEXT ticket, - long issue_date) -{ - return krb4int_save_credentials_addr(service, instance, realm, - session, lifetime, kvno, - ticket, issue_date, 0); -} - -/* - * Store a ticket into the default credentials cache - * cache must exist (if it didn't exist, it would have been created by in_tkt) - */ -int -krb4int_save_credentials_addr( - char* service, - char* instance, - char* realm, - C_Block session, - int lifetime, - int kvno, - KTEXT ticket, - KRB4_32 issue_date, - KRB_UINT32 local_address) -{ - cc_int32 cc_err = ccNoError; - int kerr = KSUCCESS; - cc_credentials_v4_t v4creds; - cc_credentials_union creds; - cc_ccache_t ccache = NULL; - cc_string_t principal; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - /* First try existing cache */ - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - /* Now we have a cache. Fill out the credentials and put them in the cache. */ - /* To fill out the credentials, we need the principal */ - cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal); - } - - if (cc_err == ccNoError) { - kerr = kname_parse (v4creds.principal, v4creds.principal_instance, v4creds.realm, (char*) principal -> data); - cc_string_release (principal); - } - - if ((cc_err == ccNoError) && (kerr == KSUCCESS)) { - strncpy (v4creds.service, service, SNAME_SZ); - strncpy (v4creds.service_instance, instance, INST_SZ); - strncpy (v4creds.realm, realm, REALM_SZ); - memmove (v4creds.session_key, session, sizeof (C_Block)); - v4creds.kvno = kvno; - v4creds.string_to_key_type = cc_v4_stk_unknown; - v4creds.issue_date = issue_date; - v4creds.address = local_address; - v4creds.lifetime = lifetime; - v4creds.ticket_size = ticket -> length; - memmove (v4creds.ticket, ticket -> dat, ticket -> length); - - creds.version = cc_credentials_v4; - creds.credentials.credentials_v4 = &v4creds; - - cc_err = cc_ccache_store_credentials (ccache, &creds); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Credentials file -> realm mapping - * - * Determine the realm by opening the named cache and parsing realm from the principal - */ -int KRB5_CALLCONV -krb_get_tf_realm ( - const char* ticket_file, - char* realm) -{ - cc_string_t principal; - char pname [ANAME_SZ]; - char pinst [INST_SZ]; - char prealm [REALM_SZ]; - int kerr = KSUCCESS; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version = 0; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal); - } - - if (cc_err == ccNoError) { - /* found cache. get princiapl and parse it */ - kerr = kname_parse (pname, pinst, prealm, (char*) principal -> data); - cc_string_release (principal); - } - - if ((cc_err == ccNoError) && (kerr == KSUCCESS)) { - strcpy (realm, prealm); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return GC_NOTKT; - else - return KSUCCESS; -} - -/* - * Credentials file -> name, instance, realm mapping - */ -int KRB5_CALLCONV -krb_get_tf_fullname ( - const char* ticket_file, - char* name, - char* instance, - char* realm) -{ - cc_string_t principal; - int kerr = KSUCCESS; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache); - } - - if (cc_err == ccNoError) { - /* found cache. get principal and parse it */ - cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal); - } - - if (cc_err == ccNoError) { - kerr = kname_parse (name, instance, realm, (char*) principal -> data); - cc_string_release (principal); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return GC_NOTKT; - else - return KSUCCESS; -} - - -/* - * Retrieval from credentials cache - */ -int KRB5_CALLCONV -krb_get_cred ( - char* service, - char* instance, - char* realm, - CREDENTIALS* creds) -{ - int kerr = KSUCCESS; - cc_int32 cc_err = ccNoError; - cc_credentials_t theCreds = NULL; - cc_credentials_iterator_t iterator = NULL; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - -#ifdef USE_LOGIN_LIBRARY - // If we are requesting a tgt, prompt for it - if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) { - OSStatus err; - char *cacheName; - KLPrincipal outPrincipal; - - err = __KLInternalAcquireInitialTicketsForCache (TKT_FILE, kerberosVersion_V4, NULL, - &outPrincipal, &cacheName); - - if (err == klNoErr) { - krb_set_tkt_string (cacheName); // Tickets for the krb4 principal went here - KLDisposeString (cacheName); - KLDisposePrincipal (outPrincipal); - } else { - return GC_NOTKT; - } - } -#endif /* USE_LOGIN_LIBRARY */ - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err == ccIteratorEnd) { - kerr = GC_NOTKT; - break; - } - if (cc_err != ccNoError) { - kerr = KFAILURE; - break; - } - - /* version, service, instance, realm check */ - if ((theCreds -> data -> version == cc_credentials_v4) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, service) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, instance) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, realm) == 0)) { - - /* Match! */ - strcpy (creds -> service, service); - strcpy (creds -> instance, instance); - strcpy (creds -> realm, realm); - memmove (creds -> session, theCreds -> data -> credentials.credentials_v4 -> session_key, sizeof (C_Block)); - creds -> lifetime = theCreds -> data -> credentials.credentials_v4 -> lifetime; - creds -> kvno = theCreds -> data -> credentials.credentials_v4 -> kvno; - creds -> ticket_st.length = theCreds -> data -> credentials.credentials_v4 -> ticket_size; - memmove (creds -> ticket_st.dat, theCreds -> data -> credentials.credentials_v4 -> ticket, creds -> ticket_st.length); - creds -> issue_date = theCreds -> data -> credentials.credentials_v4 -> issue_date; - strcpy (creds -> pname, theCreds -> data -> credentials.credentials_v4 -> principal); - strcpy (creds -> pinst, theCreds -> data -> credentials.credentials_v4 -> principal_instance); - creds -> stk_type = theCreds -> data -> credentials.credentials_v4 -> string_to_key_type; - - cc_credentials_release (theCreds); - kerr = KSUCCESS; - break; - } else { - cc_credentials_release (theCreds); - } - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return GC_NOTKT; - else - return KSUCCESS; -} - - -/* - * Getting name of default credentials cache - */ -const char* KRB5_CALLCONV -tkt_string (void) -{ - if (gDefaultCacheName == NULL) { - UpdateDefaultCache (); - } - return gDefaultCacheName; -} - -/* - * Synchronize default cache for this process with system default cache - */ - -static void -UpdateDefaultCache (void) -{ - cc_string_t name; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_get_default_ccache_name (cc_context, &name); - } - - if (cc_err == ccNoError) { - krb_set_tkt_string ((char*) name -> data); - cc_string_release (name); - } - - if (cc_context != NULL) - cc_context_release (cc_context); -} - -/* - * Setting name of default credentials cache - */ -void -krb_set_tkt_string ( - const char* val) -{ - /* If we get called with the return value of tkt_string, we - shouldn't dispose of the input string */ - if (val != gDefaultCacheName) { - if (gDefaultCacheName != NULL) - free (gDefaultCacheName); - - gDefaultCacheName = malloc (strlen (val) + 1); - if (gDefaultCacheName != NULL) - strcpy (gDefaultCacheName, val); - } -} - -/* - * Destroy credentials file - * - * Implementation in dest_tkt.c - */ -int KRB5_CALLCONV -dest_tkt (void) -{ - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_ccache_destroy (ccache); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return RET_TKFIL; - else - return KSUCCESS; -} - -/* - * The following functions are not part of the standard Kerberos v4 API. - * They were created for Mac implementation, and used by admin tools - * such as CNS-Config. - */ - -/* - * Number of credentials in credentials cache - */ -int KRB5_CALLCONV -krb_get_num_cred (void) -{ - cc_credentials_t theCreds = NULL; - int count = 0; - cc_credentials_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err != ccNoError) - break; - - if (theCreds -> data -> version == cc_credentials_v4) - count++; - - cc_credentials_release (theCreds); - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return 0; - else - return count; -} - -/* - * Retrieval from credentials file - * This function is _not_!! well-defined under CCache API, because - * there is no guarantee about order of credentials remaining the same. - */ -int KRB5_CALLCONV -krb_get_nth_cred ( - char* sname, - char* sinstance, - char* srealm, - int n) -{ - cc_credentials_t theCreds = NULL; - int count = 0; - cc_credentials_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - if (n < 1) - return KFAILURE; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (count = 0; count < n;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err != ccNoError) - break; - - if (theCreds -> data -> version == cc_credentials_v4) - count++; - - if (count < n - 1) - cc_credentials_release (theCreds); - } - } - - if (cc_err == ccNoError) { - strcpy (sname, theCreds -> data -> credentials.credentials_v4 -> service); - strcpy (sinstance, theCreds -> data -> credentials.credentials_v4 -> service_instance); - strcpy (srealm, theCreds -> data -> credentials.credentials_v4 -> realm); - } - - if (theCreds != NULL) - cc_credentials_release (theCreds); - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Deletion from credentials file - */ -int KRB5_CALLCONV -krb_delete_cred ( - char* sname, - char* sinstance, - char* srealm) -{ - cc_credentials_t theCreds = NULL; - cc_credentials_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err != ccNoError) { - break; - } - - if ((theCreds -> data -> version == cc_credentials_v4) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, sname) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, sinstance) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, srealm) == 0)) { - - cc_ccache_remove_credentials (ccache, theCreds); - cc_credentials_release (theCreds); - break; - } - - cc_credentials_release (theCreds); - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Destroy all credential caches - * - * Implementation in memcache.c - */ -int KRB5_CALLCONV -dest_all_tkts (void) -{ - int count = 0; - cc_ccache_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_new_ccache_iterator (cc_context, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next ccache */ - cc_err = cc_ccache_iterator_next (iterator, &ccache); - - if (cc_err != ccNoError) - break; - - cc_ccache_destroy (ccache); - count++; - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (cc_context != NULL) - cc_context_release (cc_context); - - if ((cc_err == ccIteratorEnd) && (count == 0)) { - /* first time, nothing to destroy */ - return KFAILURE; - } else { - if (cc_err == ccIteratorEnd) { - /* done */ - return KSUCCESS; - } else { - /* error */ - return KFAILURE; - } - } -} Deleted: branches/mskrb-integ/src/lib/krb4/FSp-glue.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/FSp-glue.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/FSp-glue.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,112 +0,0 @@ -/* - * lib/krb4/FSp-glue.c - * - * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * MacOS-specific glue for using FSSpecs to deal with srvtabs. - */ - -#include "krb.h" -#include "krb4int.h" -#include -#include - -#include -/* - * These functions are compiled in for ABI compatibility with older versions of KfM. - * They are deprecated so they do not appear in the KfM headers anymore. - * - * Do not change their ABIs! - */ -int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *); -int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *); -int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *); - -static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block); - -int KRB5_CALLCONV -FSp_read_service_key( - char *service, /* Service Name */ - char *instance, /* Instance name or "*" */ - char *realm, /* Realm */ - int kvno, /* Key version number */ - const FSSpec *filespec, /* Filespec */ - char *key) /* Pointer to key to be filled in */ -{ - int retval = KFAILURE; - char file [MAXPATHLEN]; - if (filespec != NULL) { - if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) { - return retval; - } - } - retval = read_service_key(service, instance, realm, kvno, file, key); - if (file != NULL) { - free (file); - } - return retval; -} - -int KRB5_CALLCONV -FSp_put_svc_key( - const FSSpec *sfilespec, - char *name, - char *inst, - char *realm, - int newvno, - char *key) -{ - int retval = KFAILURE; - char sfile[MAXPATHLEN]; - - if (sfilespec != NULL) { - if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) { - return retval; - } - } - retval = put_svc_key(sfile, name, inst, realm, newvno, key); - if (sfile != NULL) { - free (sfile); - } - return retval; -} - -int KRB5_CALLCONV -FSp_krb_get_svc_in_tkt( - char *user, char *instance, char *realm, - char *service, char *sinstance, int life, - const FSSpec *srvtab) -{ - /* Cast the FSSpec into the password field. It will be pulled out again */ - /* by FSp_srvtab_to_key and used to read the real password */ - return krb_get_in_tkt(user, instance, realm, service, sinstance, - life, FSp_srvtab_to_key, NULL, (char *)srvtab); -} - -static int FSp_srvtab_to_key(char *user, char *instance, char *realm, - char *srvtab, C_Block key) -{ - /* FSp_read_service_key correctly handles a NULL FSSpecPtr */ - return FSp_read_service_key(user, instance, realm, 0, - (FSSpec *)srvtab, (char *)key); -} Deleted: branches/mskrb-integ/src/lib/krb4/Makefile.in =================================================================== --- branches/mskrb-integ/src/lib/krb4/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,664 +0,0 @@ -thisconfigdir=../.. -myfulldir=lib/krb4 -mydir=lib/krb4 -BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I. -DEFINES= -DKRB4_USE_KEYTAB -DEFS= - -##DOS##BUILDTOP = ..\.. -##DOS##LIBNAME=$(OUTPRE)krb4.lib -##DOS##OBJFILE=$(OUTPRE)krb4.lst - -LIBBASE=krb4 -LIBMAJOR=2 -LIBMINOR=0 -RELDIR=krb4 - -# Depends on libk5crypto, libkrb5, KRB4_CRYPTO_LIB and _et_list... -# Depends on libkrb5, expect to find -# krb5_init_context, krb5_free_context, profile_get_values -# -KRB4_CRYPTO_LIBS=-ldes425 - -SHLIB_EXPDEPS = \ - $(TOPLIBD)/libdes425$(SHLIBEXT) \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) -SHLIB_EXPLIBS=-lkrb5 -lcom_err -ldes425 -lk5crypto -SHLIB_DIRS=-L$(TOPLIBD) -SHLIB_RDIRS=$(KRB5_LIBDIR) - -EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV -KRB_ERR=@KRB_ERR@ -##DOS##KRB_ERR=$(OUTPRE)krb_err.$(OBJEXT) - -# Name of generated krb_err.c, needed for err_txt.* dependency on Darwin. -KRB_ERR_C=@KRB_ERR_C@ -##DOS##KRB_ERR_C= - -OBJS = \ - $(OUTPRE)change_password.$(OBJEXT) \ - $(OUTPRE)cr_auth_repl.$(OBJEXT) \ - $(OUTPRE)cr_ciph.$(OBJEXT) \ - $(OUTPRE)cr_tkt.$(OBJEXT) \ - $(OUTPRE)debug.$(OBJEXT) \ - $(OUTPRE)decomp_tkt.$(OBJEXT) \ - $(OUTPRE)err_txt.$(OBJEXT) \ - $(OUTPRE)g_ad_tkt.$(OBJEXT) \ - $(OUTPRE)g_in_tkt.$(OBJEXT) \ - $(OUTPRE)g_phost.$(OBJEXT) \ - $(OUTPRE)g_pw_in_tkt.$(OBJEXT) \ - $(OUTPRE)g_pw_tkt.$(OBJEXT) \ - $(OUTPRE)g_tkt_svc.$(OBJEXT) \ - $(OUTPRE)gethostname.$(OBJEXT) \ - $(OUTPRE)getst.$(OBJEXT) \ - $(OUTPRE)kadm_err.$(OBJEXT) \ - $(OUTPRE)kadm_net.$(OBJEXT) \ - $(OUTPRE)kadm_stream.$(OBJEXT) \ - $(OUTPRE)kname_parse.$(OBJEXT) \ - $(OUTPRE)lifetime.$(OBJEXT) \ - $(OUTPRE)mk_auth.$(OBJEXT) \ - $(OUTPRE)mk_err.$(OBJEXT) \ - $(OUTPRE)mk_priv.$(OBJEXT) \ - $(OUTPRE)mk_req.$(OBJEXT) \ - $(OUTPRE)mk_safe.$(OBJEXT) \ - $(OUTPRE)month_sname.$(OBJEXT) \ - $(OUTPRE)password_to_key.$(OBJEXT) \ - $(OUTPRE)prot_client.$(OBJEXT) \ - $(OUTPRE)prot_common.$(OBJEXT) \ - $(OUTPRE)prot_kdc.$(OBJEXT) \ - $(OUTPRE)pkt_cipher.$(OBJEXT) \ - $(OUTPRE)pkt_clen.$(OBJEXT) \ - $(OUTPRE)rd_err.$(OBJEXT) \ - $(OUTPRE)rd_priv.$(OBJEXT) \ - $(OUTPRE)rd_safe.$(OBJEXT) \ - $(OUTPRE)send_to_kdc.$(OBJEXT) \ - $(OUTPRE)stime.$(OBJEXT) \ - $(OUTPRE)strnlen.$(OBJEXT) \ - $(OUTPRE)rd_preauth.$(OBJEXT) \ - $(OUTPRE)mk_preauth.$(OBJEXT) \ - $(OSOBJS) $(CACHEOBJS) $(SETENVOBJS) $(STRCASEOBJS) $(SHMOBJS) \ - $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) $(KRB_ERR) - -SRCS = \ - change_password.c \ - cr_auth_repl.c \ - cr_ciph.c \ - cr_tkt.c \ - debug.c \ - decomp_tkt.c \ - g_ad_tkt.c \ - g_pw_in_tkt.c \ - g_phost.c \ - g_pw_tkt.c \ - g_tkt_svc.c \ - getst.c \ - gethostname.c \ - kadm_err.c \ - kadm_net.c \ - kadm_stream.c \ - kname_parse.c \ - err_txt.c \ - lifetime.c \ - g_in_tkt.c \ - mk_auth.c \ - mk_err.c \ - mk_priv.c \ - mk_req.c \ - mk_safe.c \ - month_sname.c \ - password_to_key.c \ - pkt_cipher.c \ - pkt_clen.c \ - prot_client.c \ - prot_common.c \ - prot_kdc.c \ - rd_err.c \ - rd_priv.c \ - rd_safe.c \ - send_to_kdc.c \ - stime.c \ - strnlen.c \ - rd_preauth.c \ - mk_preauth.c \ - unix_time.c \ - $(OSSRCS) $(CACHESRCS) $(SETENVSRCS) $(STRCASESRCS) $(SHMSRCS) \ - $(LIB_KRB_HOSTSRCS) $(SERVER_KRB_SRCS) $(NETIO_SRCS) $(REALMDBSRCS) - -STLIBOBJS = $(OBJS) -STOBJLISTS=OBJS.ST - -# -# These objects implement the time computation routines. -# -OSOBJS = $(OUTPRE)unix_time.$(OBJEXT) -OSSRCS = unix_time.c - -##DOS##OSOBJS = $(OUTPRE)win_time.obj - -# -# These objects implement ticket cacheing for Unix. They are -# replaced by other files when compiling for Windows or Mac. -# -CACHESRCS = \ - tf_util.c dest_tkt.c in_tkt.c \ - tkt_string.c g_tf_fname.c g_tf_realm.c \ - g_cred.c save_creds.c -CACHEOBJS = \ - $(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \ - $(OUTPRE)tkt_string.$(OBJEXT) $(OUTPRE)g_tf_fname.$(OBJEXT) $(OUTPRE)g_tf_realm.$(OBJEXT) \ - $(OUTPRE)g_cred.$(OBJEXT) $(OUTPRE)save_creds.$(OBJEXT) - -##DOS##CACHEOBJS = $(OUTPRE)memcache.$(OBJEXT) - -# -# These objects implement Kerberos realm<->host database lookup. -# They read config files and/or network databases in various ways -# on various platforms. -# - -CNFFILE = g_cnffile -##DOS##CNFFILE = win_store - -REALMDBSRCS=$(CNFFILE).c RealmsConfig-glue.c -REALMDBOBJS=$(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)RealmsConfig-glue.$(OBJEXT) - -# -# These objects are only used on server or debug implementations of Kerberos, -# and they cause some major or minor sort of trouble for some -# client-only platform (Mac or Windows). -# -SERVER_KRB_SRCS = \ - klog.c kuserok.c log.c \ - kntoln.c \ - fgetst.c rd_svc_key.c cr_err_repl.c \ - rd_req.c g_svc_in_tkt.c recvauth.c \ - ad_print.c cr_death_pkt.c \ - put_svc_key.c sendauth.c -SERVER_KRB_OBJS = \ - $(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \ - $(OUTPRE)kntoln.$(OBJEXT) \ - $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \ - $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \ - $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \ - $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT) -# -# These objects are included on Unix and Windows (for kstream and kadm) -# but not under Mac (there are no file descriptors). -# -NETIO_SRCS=netread.c netwrite.c -NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT) - -# -# These objects glue the Kerberos library to the operating system -# (time-of-day access, etc). They are replaced in Mac and Windows -# by other _glue.* routines. -# -LIB_KRB_HOSTSRCS=unix_glue.c -LIB_KRB_HOSTOBJS=$(OUTPRE)unix_glue.$(OBJEXT) - -##DOS##LIB_KRB_HOSTOBJS=$(OUTPRE)win_glue.obj - -ARCHIVEARGS= $@ $(OBJS) - -# We want *library* compiler options... -DBG=$(DBG_LIB) - -all-unix:: includes all-liblinks - -##DOS##LIBOBJS = $(OBJS) - -# comp_et_depend(krb_err) -krb_err.h: krb_err.et -krb_err.c: krb_err.et - -kadm_err.h: kadm_err.et -kadm_err.c: kadm_err.et - -GEN_ERRTXT=$(AWK) -f $(srcdir)$(S)et_errtxt.awk outfile=$@ - -krb_err_txt.c: krb_err.et $(srcdir)$(S)et_errtxt.awk - $(GEN_ERRTXT) $(srcdir)/krb_err.et - -# Will be empty on Darwin, krb_err_txt.c elsewhere. -KRB_ERR_TXT=@KRB_ERR_TXT@ -##DOS##KRB_ERR_TXT=krb_err_txt.c -err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(KRB_ERR_C) $(KRB_ERR_TXT) - -depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \ - kadm_err.h $(EHDRDIR)$(S)kadm_err.h \ - krb_err.c - -includes: $(EHDRDIR)$(S)krb_err.h $(EHDRDIR)$(S)kadm_err.h - -$(EHDRDIR)$(S)krb_err.h: krb_err.h - $(CP) krb_err.h $@ -$(EHDRDIR)$(S)kadm_err.h: kadm_err.h - $(CP) kadm_err.h $@ - -clean-unix:: - $(RM) $(EHDRDIR)/krb_err.h - $(RM) $(EHDRDIR)/kadm_err.h - $(RM) krb_err_txt.c - -clean:: - -$(RM) $(OBJS) - -clean-:: clean-unix - -clean-unix:: - -$(RM) krb_err.c - -$(RM) krb_err.h - -$(RM) kadm_err.c - -$(RM) kadm_err.h - -$(RM) ../../include/kerberosIV/krb_err.h - -$(RM) ../../include/kerberosIV/kadm_err.h - -clean-unix:: clean-liblinks clean-libs clean-libobjs - - -check-unix:: $(TEST_PROGS) -check-windows:: - - -install-unix:: install-libs - - at lib_frag@ - at libobj_frag@ - -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/port-sockets.h change_password.c \ - krb4int.h -cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_auth_repl.c -cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_ciph.c -cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h cr_tkt.c -debug.so debug.po $(OUTPRE)debug.$(OBJEXT): $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - debug.c -decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \ - $(SRCTOP)/include/port-sockets.h decomp_tkt.c -g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - g_ad_tkt.c krb4int.h -g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ - g_pw_in_tkt.c krb4int.h -g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h g_phost.c -g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h g_pw_tkt.c -g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - g_tkt_svc.c -getst.so getst.po $(OUTPRE)getst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - getst.c krb4int.h -gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/port-sockets.h gethostname.c krb4int.h -kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \ - $(COM_ERR_DEPS) kadm_err.c -kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krbports.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - kadm_net.c -kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/port-sockets.h kadm_stream.c -kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - kname_parse.c -err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h err_txt.c krb4int.h -lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - lifetime.c -g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - g_in_tkt.c krb4int.h -mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h mk_auth.c -mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h mk_err.c -mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - mk_priv.c -mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h mk_req.c -mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - mk_safe.c -month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h month_sname.c -password_to_key.so password_to_key.po $(OUTPRE)password_to_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h password_to_key.c -pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \ - pkt_cipher.c -pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \ - pkt_clen.c -prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h prot_client.c -prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h prot_common.c -prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - prot_kdc.c -rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h rd_err.c -rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - rd_priv.c -rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - rd_safe.c -send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb4int.h send_to_kdc.c -stime.so stime.po $(OUTPRE)stime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h stime.c -strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h strnlen.c -rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h rd_preauth.c -mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h mk_preauth.c -unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - unix_time.c -tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb4int.h tf_util.c -dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h dest_tkt.c -in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h in_tkt.c -tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - tkt_string.c -g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h g_tf_fname.c -g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - g_tf_realm.c -g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - g_cred.c -save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h save_creds.c -unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h unix_glue.c -klog.so klog.po $(OUTPRE)klog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - klog.c krb4int.h -kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - kuserok.c -log.so log.po $(OUTPRE)log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h log.c -kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - kntoln.c -fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - fgetst.c krb4int.h -rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb4int.h rd_svc_key.c -cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_err_repl.c -rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb54proto.h rd_req.c -g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - g_svc_in_tkt.c krb4int.h -recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - recvauth.c -ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - ad_print.c krb4int.h -cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_death_pkt.c -put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h put_svc_key.c -sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h sendauth.c -netread.so netread.po $(OUTPRE)netread.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h netread.c -netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - netwrite.c -g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - g_cnffile.c krb4int.h -RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - RealmsConfig-glue.c krb4int.h Deleted: branches/mskrb-integ/src/lib/krb4/Password.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/Password.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/Password.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,436 +0,0 @@ -#include "kerberos.h" -#define KRB_DEFS -#include "krb_driver.h" - -#include -#include -#include -#include -#include -#include - -/* added for OpenInitRF.c - FIXME jcm - should check that they are not in c-mac - or other included file -*/ - -#include -#include -#include -#include -#include -#include - - -// #include "debug.h" - -#define kLoginDLOGID -4081 -#define kErrorALERTID -4082 -#define kLoginOKItem 1 -#define kLoginCnclItem 2 -#define kLoginNameItem 10 -#define kLoginVisPwItem 9 -#define kLoginFrameItem 5 -#define kLoginIvisPwItem 6 -#define kBadUserError 1 -#define kNotUniqueError 2 -#define kGenError 3 -#define kIntegrityError 4 -#define kBadPasswordError 5 -#define cr 0x0D -#define enter 0x03 -#define bs 0x08 -#define tab 0x09 -#define larrow 0x1C -#define rarrow 0x1D -#define uarrow 0x1E -#define darrow 0x1F -#define DialogNotDone 1 - -typedef union { // used to convert ProcPtr to Handle - Handle H; - ProcPtr P; -} Proc2Hand; - -static char gPassword [MAX_K_NAME_SZ] = "\0"; - -pascal void FrameOKbtn( WindowPtr myWindow, short itemNo ); -pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit ); - -/* - FIXME jcm - begin OpenInitRF - Mac_store thinks that it is managing the open resource file - is this code in conflict? -*/ - -void GetExtensionsFolder(short *vRefNumP, long *dirIDP) -{ - Boolean hasFolderMgr = false; - long feature; - -/* - FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm - if (TrapAvailable(_GestaltDispatch)) -*/ - if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true; - if (!hasFolderMgr) { - GetSystemFolder(vRefNumP, dirIDP); - return; - } - else { - if (FindFolder(kOnSystemDisk, kExtensionFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) { - *vRefNumP = 0; - *dirIDP = 0; - } - } -} - -short SearchFolderForINIT(long targetType, long targetCreator, short vRefNum, long dirID) -{ - HParamBlockRec fi; - Str255 filename; - short refnum; - - fi.fileParam.ioCompletion = nil; - fi.fileParam.ioNamePtr = filename; - fi.fileParam.ioVRefNum = vRefNum; - fi.fileParam.ioDirID = dirID; - fi.fileParam.ioFDirIndex = 1; - - while (PBHGetFInfo(&fi, false) == noErr) { - /* scan system folder for driver resource files of specific type & creator */ - if (fi.fileParam.ioFlFndrInfo.fdType == targetType && - fi.fileParam.ioFlFndrInfo.fdCreator == targetCreator) { - refnum = HOpenResFile(vRefNum, dirID, filename, fsRdPerm); - return refnum; - } - /* check next file in folder */ - fi.fileParam.ioFDirIndex++; - fi.fileParam.ioDirID = dirID; /* PBHGetFInfo() clobbers ioDirID */ - } - return(-1); -} - -short OpenInitRF() -{ - short refnum; - short vRefNum; - long dirID; - - /* first search Extensions Panels */ - GetExtensionsFolder(&vRefNum, &dirID); - refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID); - if (refnum != -1) return(refnum); - - /* next search System Folder */ - GetSystemFolder(&vRefNum, &dirID); - refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID); - if (refnum != -1) return(refnum); - - /* finally, search Control Panels */ - GetCPanelFolder(&vRefNum, &dirID); - refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID); - if (refnum != -1) return(refnum); - - return -1; -} - -int DisplayError( short errorID ) -{ - OSErr err; - Str255 errText; - - GetIndString(errText,kErrorALERTID,errorID); - if (errText[0] == 0) { - SysBeep(1); // nothing else we can do - return cKrbCorruptedFile; - } - - ParamText(errText,"\p","\p","\p"); - err = StopAlert(kErrorALERTID,nil); - - return DialogNotDone; -} - - - -OSErr GetUserInfo( char *password ) -{ - DialogPtr myDLOG; - short itemHit; - short itemType; - Handle itemHandle; - Rect itemRect; - OSErr rc = DialogNotDone; - Str255 tempStr,tpswd,tuser; - Proc2Hand procConv; - short rf; - char uname[ANAME_SZ]="\0"; - char uinst[INST_SZ]="\0"; - char realm[REALM_SZ]="\0"; - char UserName[MAX_K_NAME_SZ]="\0"; - CursHandle aCursor; - - krb_get_lrealm (realm, 1); - - ////////////////////////////////////////////////////// - // already got a password, just get the initial ticket - ////////////////////////////////////////////////////// - if (*gPassword) { - strncpy (UserName, krb_get_default_user( ), sizeof(UserName)-1); - UserName[sizeof(UserName) - 1] = '\0'; - /* FIXME jcm - if we have a password then no dialog - comes up for setting the uinstance. */ - rc = kname_parse(uname, uinst, realm, UserName); - if (rc) return rc; - (void) dest_all_tkts(); // start from scratch - rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,gPassword); - *gPassword = 0; // Always clear, password only good for one shot - return rc; - } - - ///////////////////////// - // Ask user for password - ///////////////////////// - rf = OpenInitRF(); // need the resource file for the dialog resources - if (rf<=0) return rf; - password[0] = 0; - myDLOG = GetNewDialog( kLoginDLOGID, (void *) NULL, (WindowPtr) -1 ); - if( myDLOG == NULL ) { - CloseResFile(rf); - return cKrbCorruptedFile; - } - - // Insert user's name in dialog - strncpy (UserName, krb_get_default_user( ), sizeof(UserName) - 1); - UserName[sizeof(UserName) - 1] = '\0'; - if (*UserName) { - tempStr[0] = strlen(UserName); - memcpy( &(tempStr[1]), UserName, tempStr[0]); - GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect ); - SetIText( itemHandle, tempStr ); - SelIText( myDLOG, kLoginVisPwItem,0,0 ); - } - else SelIText( myDLOG, kLoginNameItem,0,0 ); - - // Establish a user item around the OK button to draw the default button frame in - GetDItem( myDLOG, kLoginOKItem, &itemType, &itemHandle, &itemRect ); - InsetRect( &itemRect, -4, -4 ); // position user item around OK button - procConv.P = (ProcPtr) FrameOKbtn; // convert ProcPtr to a Handle - SetDItem( myDLOG, kLoginFrameItem, userItem, procConv.H, &itemRect ); - - InitCursor(); - do { - do { // display the dialog & handle events - SetOKEnable(myDLOG); - ModalDialog( (ModalFilterProcPtr) TwoItemFilter, (short *) &itemHit ); - } while( itemHit != kLoginOKItem && itemHit != kLoginCnclItem ); - - if( itemHit == kLoginOKItem ) { // OK button pressed? - GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tempStr ); - - tempStr[0] = ( tempStr[0] < MAX_K_NAME_SZ ) ? tempStr[0] : MAX_K_NAME_SZ-1 ; - memcpy ((void*) UserName, (void*) &(tempStr[1]), tempStr[0]); - UserName[tempStr[0]] = 0; - - GetDItem( myDLOG, kLoginIvisPwItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tempStr ); - - tempStr[0] = ( tempStr[0] < ANAME_SZ ) ? tempStr[0] : ANAME_SZ-1 ; - memcpy( (void*) password, (void*) &(tempStr[1]), tempStr[0]); - password[tempStr[0]] = 0; - - //---------------------------------------------------- - // Get the ticket - //---------------------------------------------------- - aCursor = GetCursor(watchCursor); - SetCursor(*aCursor); - ShowCursor(); - - rc = kname_parse(uname, uinst, realm, UserName); - if (rc) return rc; - - (void) dest_all_tkts(); // start from scratch - rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,password); - InitCursor(); - if (!rc) - switch (rc) { - case KDC_PR_UNKNOWN: - case KDC_NULL_KEY: - rc = DisplayError(kBadUserError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case KDC_PR_N_UNIQUE: - rc = DisplayError(kNotUniqueError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case KDC_GEN_ERR: - rc = DisplayError(kGenError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case RD_AP_MODIFIED: - rc = DisplayError(kIntegrityError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case INTK_BADPW: - rc = DisplayError(kBadPasswordError); - SelIText( myDLOG, kLoginVisPwItem,0,256 ); - break; - default: - break; - } - //---------------------------------------------------- - } - else rc = cKrbUserCancelled; // pressed the Cancel button - } while( rc == DialogNotDone ); - - DisposDialog( myDLOG ); - CloseResFile(rf); - return rc; -} - - -static pascal void FrameOKbtn( WindowPtr myWindow, short itemNo ) -{ - short tempType; - Handle tempHandle; - Rect itemRect; - - GetDItem( (DialogPtr) myWindow, itemNo, &tempType, &tempHandle, &itemRect ); - PenSize( 3, 3 ); - FrameRoundRect( &itemRect, 16, 16 ); // make it an OK button suitable for framing -} - - -static pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit ) -{ - DialogPtr evtDlog; - short selStart, selEnd; - Handle okBtnHandle; - short tempType; - Rect tempRect; - long tempTicks; - - if( event->what != keyDown && event->what != autoKey ) - return false; // don't care about this event - - switch( event->message & charCodeMask ) - { - case cr: // Return (hitting return or enter is the same as hitting the OK button) - case enter: // Enter - - if (!OKIsEnabled(dlog)) { - event->what = nullEvent; - return false; - } - - GetDItem( dlog, kLoginOKItem, &tempType, &okBtnHandle, &tempRect ); - HiliteControl( (ControlHandle) okBtnHandle, 1 ); // hilite the OK button - Delay( 10, &tempTicks ); // wait a little while - HiliteControl( (ControlHandle) okBtnHandle, 0 ); - - *itemHit = kLoginOKItem; // OK Button - return true; // We handled the event - - case tab: // Tab - case larrow: // Left arrow (Keys that just change the selection) - case rarrow: // Right arrow - case uarrow: // Up arrow - case darrow: // Down arrow - return false; // Let ModalDialog handle them - - default: - - // First see if we're in password field, do stuff to make ¥ displayed - - if( ((DialogPeek) dlog)->editField == kLoginVisPwItem - 1 ) { - - selStart = (**((DialogPeek) dlog)->textH).selStart; // Get the selection in the visible item - selEnd = (**((DialogPeek) dlog)->textH).selEnd; - - SelIText( dlog, kLoginIvisPwItem, selStart, selEnd ); // Select text in invisible item - DialogSelect( event,&evtDlog, itemHit ); // Input key - - SelIText( dlog, kLoginVisPwItem, selStart, selEnd ); // Select same area in visible item - if( ( event->message & charCodeMask ) != bs ) // If it's not a backspace (backspace is the only key that can affect both the text and the selection- thus we need to process it in both fields, but not change it for the hidden field. - event->message = '¥'; // Replace with character to use - } - - // Do the key event and set the hilite on the OK button accordingly - - DialogSelect( event,&evtDlog, itemHit ); // Input key - SetOKEnable(dlog); - - // Pass a NULL event back to DialogMgr - - event->what = nullEvent; - - return false; - } -} - -static int SetOKEnable( DialogPtr dlog ) -{ - short itemType,state; - Handle itemHandle; - Rect itemRect; - Str255 tpswd,tuser; - ControlHandle okButton; - - GetDItem( dlog, kLoginNameItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tuser ); - GetDItem( dlog, kLoginVisPwItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tpswd ); - GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect ); - state = (tuser[0] && tpswd[0]) ? 0 : 255; - HiliteControl(okButton,state); -} - -static int OKIsEnabled( DialogPtr dlog ) -{ - short itemType; - Rect itemRect; - ControlHandle okButton; - - GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect ); - return ((**okButton).contrlHilite != 255); -} - - -extern OSErr INTERFACE -CacheInitialTicket( serviceName ) - char *serviceName; -{ - char service[ANAME_SZ]="\0"; - char instance[INST_SZ]="\0"; - char realm[REALM_SZ]="\0"; - OSErr err = noErr; - char uname[ANAME_SZ]="\0"; - char uinst[INST_SZ]="\0"; - char urealm[REALM_SZ]="\0"; - char password[KKEY_SZ]="\0"; - char UserName[MAX_K_NAME_SZ]="\0"; - char oldName[120]="\0"; - - err = GetUserInfo( password ); - if (err) return err; - - if (!serviceName || (serviceName[0] == '\0')) - return err; - - strncpy (UserName, krb_get_default_user(), sizeof(UserName) - 1); - UserName[sizeof(UserName) - 1] = '\0'; - - err = kname_parse(uname, uinst, urealm, UserName); - if (err) return err; - - if (urealm[0] == '\0') - krb_get_lrealm (urealm, 1); - - err = kname_parse(service, instance, realm, serviceName); // check if there is a service name - if (err) return err; - - err = krb_get_pw_in_tkt(uname,uinst,urealm,service,instance,DEFAULT_TKT_LIFE,password); - return err; -} Deleted: branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,692 +0,0 @@ -/* - * lib/krb4/RealmsConfig-glue.c - * - * Copyright 1985-2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * These calls implement the layer of Kerberos v4 library which - * accesses realms configuration by calling into the Kerberos Profile - * library. - */ - -#include -#include -#include -#include -#include - -#include "profile.h" -#include "krb.h" -#include "krb4int.h" -#include "k5-int.h" /* for accessor, addrlist stuff */ -#include "port-sockets.h" - -/* These two *must* be kept in sync to avoid buffer overflows. */ -#define SCNSCRATCH "%1023s" -#define SCRATCHSZ 1024 -#if SCRATCHSZ < MAXHOSTNAMELEN -#error "SCRATCHSZ must be at least MAXHOSTNAMELEN" -#endif - -/* - * Returns to the caller an initialized profile using the same files - * as Kerberos4Lib would. - */ -int KRB5_CALLCONV -krb_get_profile(profile_t* profile) -{ - int retval = KSUCCESS; - profile_filespec_t *files = NULL; - - /* Use krb5 to get the config files */ - retval = krb5_get_default_config_files(&files); - - if (retval == KSUCCESS) { - retval = profile_init((const_profile_filespec_t *)files, profile); - } - - if (files) { - krb5_free_config_files(files); - } - - if (retval == ENOENT) { - /* No edu.mit.Kerberos file */ - return KFAILURE; - } - - if ((retval == PROF_SECTION_NOTOP) || - (retval == PROF_SECTION_SYNTAX) || - (retval == PROF_RELATION_SYNTAX) || - (retval == PROF_EXTRA_CBRACE) || - (retval == PROF_MISSING_OBRACE)) { - /* Bad config file format */ - return retval; - } - - return retval; -} - -/* Caller must ensure that n >= 1 and that pointers are non-NULL. */ -static int -krb_prof_get_nth( - char *ret, - size_t retlen, - const char *realm, - int n, - const char *sec, - const char *key) -{ - int result; - long profErr; - profile_t profile = NULL; - const char *names[4]; - void *iter = NULL; - char *name = NULL; - char *value = NULL; - int i; - - result = KFAILURE; - - profErr = krb_get_profile(&profile); - if (profErr) { - /* - * Can krb_get_profile() return errors that change PROFILE? - */ - goto cleanup; - } - names[0] = sec; - names[1] = realm; - names[2] = key; - names[3] = NULL; - profErr = profile_iterator_create(profile, names, - PROFILE_ITER_RELATIONS_ONLY, &iter); - if (profErr) - goto cleanup; - - result = KSUCCESS; - for (i = 1; i <= n; i++) { - if (name != NULL) - profile_release_string(name); - if (value != NULL) - profile_release_string(value); - name = value = NULL; - - profErr = profile_iterator(&iter, &name, &value); - if (profErr || (name == NULL)) { - result = KFAILURE; - break; - } - } - if (result == KSUCCESS) { - /* Return error rather than truncating. */ - /* Don't strncpy because retlen is a guess for some callers */ - if (strlen(value) >= retlen) - result = KFAILURE; - else - strcpy(ret, value); - } -cleanup: - if (name != NULL) - profile_release_string(name); - if (value != NULL) - profile_release_string(value); - if (iter != NULL) - profile_iterator_free(&iter); - if (profile != NULL) - profile_abandon(profile); - return result; -} - -/* - * Index -> realm name mapping - * - * Not really. The original implementation has a cryptic comment - * indicating that the function can only work for n = 1, and always - * returns the default realm. I don't know _why_ that's the case, but - * I have to do it that way... - * - * Old description from g_krbrlm.c: - * - * krb_get_lrealm takes a pointer to a string, and a number, n. It fills - * in the string, r, with the name of the nth realm specified on the - * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). - * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the - * config file does not exist, and if n=1, a successful return will occur - * with r = KRB_REALM (also defined in "krb.h"). - * - * NOTE: for archaic & compatibility reasons, this routine will only return - * valid results when n = 1. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). This will also look in KRB_FB_CONF is - * ATHENA_CONF_FALLBACK is defined. - */ -int KRB5_CALLCONV -krb_get_lrealm( - char *realm, - int n) -{ - int result = KSUCCESS; - profile_t profile = NULL; - char *profileDefaultRealm = NULL; - char **profileV4Realms = NULL; - int profileHasDefaultRealm = 0; - int profileDefaultRealmIsV4RealmInProfile = 0; - char krbConfLocalRealm[REALM_SZ]; - int krbConfHasLocalRealm = 0; - - if ((realm == NULL) || (n != 1)) { result = KFAILURE; } - - if (result == KSUCCESS) { - /* Some callers don't check the return value so we initialize - * to an empty string in case it never gets filled in. */ - realm [0] = '\0'; - } - - if (result == KSUCCESS) { - int profileErr = krb_get_profile (&profile); - - if (!profileErr) { - /* Get the default realm from the profile */ - profileErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION, - REALMS_V4_DEFAULT_REALM, NULL, NULL, - &profileDefaultRealm); - if (profileDefaultRealm == NULL) { profileErr = KFAILURE; } - } - - if (!profileErr) { - /* If there is an equivalent v4 realm to the default realm, use that instead */ - char *profileV4EquivalentRealm = NULL; - - if (profile_get_string (profile, "realms", profileDefaultRealm, "v4_realm", NULL, - &profileV4EquivalentRealm) == 0 && - profileV4EquivalentRealm != NULL) { - - profile_release_string (profileDefaultRealm); - profileDefaultRealm = profileV4EquivalentRealm; - } - } - - if (!profileErr) { - if (strlen (profileDefaultRealm) < REALM_SZ) { - profileHasDefaultRealm = 1; /* a reasonable default realm */ - } else { - profileErr = KFAILURE; - } - } - - if (!profileErr) { - /* Walk through the v4 realms list looking for the default realm */ - const char *profileV4RealmsList[] = { REALMS_V4_PROF_REALMS_SECTION, NULL }; - - if (profile_get_subsection_names (profile, profileV4RealmsList, - &profileV4Realms) == 0 && - profileV4Realms != NULL) { - - char **profileRealm; - for (profileRealm = profileV4Realms; *profileRealm != NULL; profileRealm++) { - if (strcmp (*profileRealm, profileDefaultRealm) == 0) { - /* default realm is a v4 realm */ - profileDefaultRealmIsV4RealmInProfile = 1; - break; - } - } - } - } - } - - if (result == KSUCCESS) { - /* Try to get old-style config file lookup for fallback. */ - FILE *cnffile = NULL; - char scratch[SCRATCHSZ]; - - cnffile = krb__get_cnffile(); - if (cnffile != NULL) { - if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) { - if (strlen(scratch) < REALM_SZ) { - strncpy(krbConfLocalRealm, scratch, REALM_SZ); - krbConfHasLocalRealm = 1; - } - } - fclose(cnffile); - } - } - - if (result == KSUCCESS) { - /* - * We want to favor the profile value over the krb.conf value - * but not stop suppporting its use with a v5-only profile. - * So we only use the krb.conf realm when the default profile - * realm doesn't exist in the v4 realm section of the profile. - */ - if (krbConfHasLocalRealm && !profileDefaultRealmIsV4RealmInProfile) { - strncpy (realm, krbConfLocalRealm, REALM_SZ); - } else if (profileHasDefaultRealm) { - strncpy (realm, profileDefaultRealm, REALM_SZ); - } else { - result = KFAILURE; /* No default realm */ - } - } - - if (profileDefaultRealm != NULL) { profile_release_string (profileDefaultRealm); } - if (profileV4Realms != NULL) { profile_free_list (profileV4Realms); } - if (profile != NULL) { profile_abandon (profile); } - - return result; -} - -/* - * Realm, index -> admin KDC mapping - * - * Old description from g_admhst.c: - * - * Given a Kerberos realm, find a host on which the Kerberos database - * administration server can be found. - * - * krb_get_admhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer n, and - * returns (in h) the nth administrative host entry from the configuration - * file (KRB_CONF, defined in "krb.h") associated with the specified realm. - * If ATHENA_CONF_FALLBACK is defined, also look in old location. - * - * On error, get_admhst returns KFAILURE. If all goes well, the routine - * returns KSUCCESS. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). - * - * This is a temporary hack to allow us to find the nearest system running - * a Kerberos admin server. In the long run, this functionality will be - * provided by a nameserver. - */ -int KRB5_CALLCONV -krb_get_admhst( - char *host, - char *realm, - int n) -{ - int result; - int i; - FILE *cnffile; - char linebuf[BUFSIZ]; - char trealm[SCRATCHSZ]; - char thost[SCRATCHSZ]; - char scratch[SCRATCHSZ]; - - if (n < 1 || host == NULL || realm == NULL) - return KFAILURE; - - result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, - REALMS_V4_PROF_REALMS_SECTION, - REALMS_V4_PROF_ADMIN_KDC); - if (result == KSUCCESS) - return result; - - /* - * Do old-style config file lookup. - */ - cnffile = krb__get_cnffile(); - if (cnffile == NULL) - return KFAILURE; - result = KSUCCESS; - for (i = 0; i < n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - result = KFAILURE; - break; - } - if (!strchr(linebuf, '\n')) { - result = KFAILURE; - break; - } - /* - * Need to scan for a token after 'admin' to make sure that - * admin matched correctly. - */ - if (sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH " admin " SCNSCRATCH, - trealm, thost, scratch) != 3) - continue; - if (!strcmp(trealm, realm)) - i++; - } - fclose(cnffile); - if (result == KSUCCESS && strlen(thost) < MAX_HSTNM) - strcpy(host, thost); - else - result = KFAILURE; - return result; -} - -/* - * Realm, index -> kpasswd KDC mapping - */ -int -krb_get_kpasswdhst( - char *host, - char *realm, - int n) -{ - if (n < 1 || host == NULL || realm == NULL) - return KFAILURE; - - return krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, - REALMS_V4_PROF_REALMS_SECTION, - REALMS_V4_PROF_KPASSWD_KDC); -} - -/* - * Realm, index -> KDC mapping - * - * Old description from g_krbhst.c: - * - * Given a Kerberos realm, find a host on which the Kerberos authenti- - * cation server can be found. - * - * krb_get_krbhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer, n, and - * returns (in h) the nth entry from the configuration file (KRB_CONF, - * defined in "krb.h") associated with the specified realm. - * - * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the - * configuration file does not exist, krb_get_krbhst will return KRB_HOST - * (also defined in "krb.h"). If all goes well, the routine returnes - * KSUCCESS. - * - * The KRB_CONF file contains the name of the local realm in the first - * line (not used by this routine), followed by lines indicating realm/host - * entries. The words "admin server" following the hostname indicate that - * the host provides an administrative database server. - * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined. - * - * For example: - * - * ATHENA.MIT.EDU - * ATHENA.MIT.EDU kerberos-1.mit.edu admin server - * ATHENA.MIT.EDU kerberos-2.mit.edu - * LCS.MIT.EDU kerberos.lcs.mit.edu admin server - * - * This is a temporary hack to allow us to find the nearest system running - * kerberos. In the long run, this functionality will be provided by a - * nameserver. - */ -#ifdef KRB5_DNS_LOOKUP -static struct { - time_t when; - char realm[REALM_SZ+1]; - struct srv_dns_entry *srv; -} dnscache = { 0, { 0 }, 0 }; -#define DNS_CACHE_TIMEOUT 60 /* seconds */ -#endif - -int KRB5_CALLCONV -krb_get_krbhst( - char *host, - const char *realm, - int n) -{ - int result; - int i; - FILE *cnffile; - char linebuf[BUFSIZ]; - char tr[SCRATCHSZ]; - char scratch[SCRATCHSZ]; -#ifdef KRB5_DNS_LOOKUP - time_t now; -#endif - - if (n < 1 || host == NULL || realm == NULL) - return KFAILURE; - -#ifdef KRB5_DNS_LOOKUP - /* We'll only have this realm's info in the DNS cache if there is - no data in the local config files. - - XXX The files could've been updated in the last few seconds. - Do we care? */ - if (!strncmp(dnscache.realm, realm, REALM_SZ) - && (time(&now), abs(dnscache.when - now) < DNS_CACHE_TIMEOUT)) { - struct srv_dns_entry *entry; - - get_from_dnscache: - /* n starts at 1, addrs indices run 0..naddrs */ - for (i = 1, entry = dnscache.srv; i < n && entry; i++) - entry = entry->next; - if (entry == NULL) - return KFAILURE; - if (strlen(entry->host) + 6 >= MAXHOSTNAMELEN) - return KFAILURE; - snprintf(host, MAXHOSTNAMELEN, "%s:%d", entry->host, entry->port); - return KSUCCESS; - } -#endif - - result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, - REALMS_V4_PROF_REALMS_SECTION, - REALMS_V4_PROF_KDC); - if (result == KSUCCESS) - return result; - /* - * Do old-style config file lookup. - */ - do { - cnffile = krb__get_cnffile(); - if (cnffile == NULL) - break; - /* Skip default realm name. */ - if (fscanf(cnffile, SCNSCRATCH, tr) == EOF) { - fclose(cnffile); - break; - } - result = KSUCCESS; - for (i = 0; i < n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - result = KFAILURE; - break; - } - if (!strchr(linebuf, '\n')) { - result = KFAILURE; - break; - } - if ((sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH, - tr, scratch) != 2)) - continue; - if (!strcmp(tr, realm)) - i++; - } - fclose(cnffile); - if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN) { - strcpy(host, scratch); - return KSUCCESS; - } - if (i > 0) - /* Found some, but not as many as requested. */ - return KFAILURE; - } while (0); -#ifdef KRB5_DNS_LOOKUP - do { - krb5int_access k5; - krb5_error_code err; - krb5_data realmdat; - struct srv_dns_entry *srv; - - err = krb5int_accessor(&k5, KRB5INT_ACCESS_VERSION); - if (err) - break; - - if (k5.use_dns_kdc(krb5__krb4_context)) { - realmdat.data = realm; - realmdat.length = strlen(realm); - err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp", - &srv); - if (err) - break; - - if (srv == 0) - break; - - if (dnscache.srv) - k5.free_srv_dns_data(dnscache.srv); - dnscache.srv = srv; - strncpy(dnscache.realm, realm, REALM_SZ); - dnscache.when = now; - goto get_from_dnscache; - } - } while (0); -#endif - return KFAILURE; -} - -/* - * Hostname -> realm name mapping - * - * Old description from realmofhost.c: - * - * Given a fully-qualified domain-style primary host name, - * return the name of the Kerberos realm for the host. - * If the hostname contains no discernable domain, or an error occurs, - * return the local realm name, as supplied by get_krbrlm(). - * If the hostname contains a domain, but no translation is found, - * the hostname's domain is converted to upper-case and returned. - * - * The format of each line of the translation file is: - * domain_name kerberos_realm - * -or- - * host_name kerberos_realm - * - * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) - * host names should be in the usual form (e.g. FOO.BAR.BAZ) - */ -char * KRB5_CALLCONV -krb_realmofhost(char *host) -{ - /* Argh! */ - static char realm[REALM_SZ]; - char *lhost; - const char *names[] = {REALMS_V4_PROF_DOMAIN_SECTION, NULL, NULL}; - char **values = NULL; - profile_t profile = NULL; - long profErr; - char hostname[MAXHOSTNAMELEN]; - char *p; - char *domain; - FILE *trans_file = NULL; - int retval; - char thost[SCRATCHSZ]; - char trealm[SCRATCHSZ]; - struct hostent *h; - - /* Return local realm if all else fails */ - krb_get_lrealm(realm, 1); - - /* Forward-resolve in case domain is missing. */ - h = gethostbyname(host); - if (h == NULL) - lhost = host; - else - lhost = h->h_name; - - if (strlen(lhost) >= MAXHOSTNAMELEN) - return realm; - strcpy(hostname, lhost); - - /* Remove possible trailing dot. */ - p = strrchr(hostname, '.'); - if (p != NULL && p[1] == '\0') - *p = '\0'; - domain = strchr(hostname, '.'); - /* - * If the hostname is just below the top, e.g., CYGNUS.COM, then - * we special-case it; if someone really wants a realm called COM - * they will just have to specify it properly. - */ - if (domain != NULL) { - domain++; - p = strchr(domain, '.'); - if (p == NULL) - domain = lhost; - if (strlen(domain) < REALM_SZ) { - strncpy(realm, domain, REALM_SZ); - /* Upcase realm name. */ - for (p = hostname; *p != '\0'; p++) { - if (*p > 0 && islower((unsigned char)*p)) - *p = toupper((unsigned char)*p); - } - } - } - /* Downcase hostname. */ - for (p = hostname; *p != '\0'; p++) { - if (*p > 0 && isupper((unsigned char)*p)) - *p = tolower((unsigned char)*p); - } - - profErr = krb_get_profile(&profile); - if (profErr) - goto cleanup; - - for (domain = hostname; domain != NULL && *domain != '\0';) { - names[1] = domain; - values = NULL; - profErr = profile_get_values(profile, names, &values); - if (!profErr && strlen(values[0]) < REALM_SZ) { - /* Found, return it */ - strncpy(realm, values[0], REALM_SZ); - profile_free_list(values); - break; - } else { - /* Skip over leading dot. */ - if (*domain == '.') - domain++; - domain = strchr(domain, '.'); - } - profile_free_list(values); - } -cleanup: - if (profile != NULL) - profile_abandon(profile); - - trans_file = krb__get_realmsfile(); - if (trans_file == NULL) - return realm; - domain = strchr(hostname, '.'); - for (;;) { - retval = fscanf(trans_file, SCNSCRATCH " " SCNSCRATCH, - thost, trealm); - if (retval == EOF) - break; - if (retval != 2 || strlen(trealm) >= REALM_SZ) - continue; /* Ignore malformed lines. */ - /* Attempt to match domain. */ - if (*thost == '.') { - if (domain && !strcasecmp(thost, domain)) { - strncpy(realm, trealm, REALM_SZ); - continue; /* Try again for an exact match. */ - } - } else { - /* Hostname must match exactly. */ - if (!strcasecmp(thost, hostname)) { - strncpy(realm, trealm, REALM_SZ); - break; - } - } - } - fclose(trans_file); - return realm; -} Deleted: branches/mskrb-integ/src/lib/krb4/ad_print.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/ad_print.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/ad_print.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,85 +0,0 @@ -/* - * lib/krb4/ad_print.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. All - * Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "des.h" -#include "krb4int.h" -#include -#include "port-sockets.h" - -#ifndef _WIN32 - -/* - * Print some of the contents of the given authenticator structure - * (AUTH_DAT defined in "krb.h"). Fields printed are: - * - * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session - */ - -void -ad_print(x) - AUTH_DAT *x; -{ - struct in_addr ina; - ina.s_addr = x->address; - - printf("\n%s %s %s ", x->pname, x->pinst, x->prealm); - far_fputs (inet_ntoa(ina), stdout); - printf(" flags %u cksum 0x%lX\n\ttkt_tm 0x%lX sess_key", - x->k_flags, (long) x->checksum, (long) x->time_sec); - printf("[8] ="); -#ifdef NOENCRYPTION - placebo_cblock_print(x->session); -#else /* Do Encryption */ - des_cblock_print_file(&x->session,stdout); -#endif /* NOENCRYPTION */ - /* skip reply for now */ -} - -#ifdef NOENCRYPTION -/* - * Print in hex the 8 bytes of the given session key. - * - * Printed format is: " 0x { x, x, x, x, x, x, x, x }" - */ - -placebo_cblock_print(x) - des_cblock x; -{ - unsigned char *y = (unsigned char *) x; - register int i = 0; - - printf(" 0x { "); - - while (i++ <8) { - printf("%x",*y++); - if (i<8) printf(", "); - } - printf(" }"); -} -#endif /* NOENCRYPTION */ - -#endif Deleted: branches/mskrb-integ/src/lib/krb4/change_password.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/change_password.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/change_password.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,127 +0,0 @@ -/* - * change_password.c - * - * Copyright 1987, 1988, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include - -#include "krb.h" -#include "krb4int.h" -#include "kadm.h" -#include "prot.h" - -/* - * krb_change_password(): This disgusting function handles changing passwords - * in a krb4-only environment. - * -1783126240 - * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE! - */ - -int KRB5_CALLCONV -krb_change_password(char *principal, char *instance, char *realm, - char *oldPassword, char *newPassword) -{ - int err; - des_cblock key; - KRB_UINT32 tempKey; - size_t sendSize; - u_char *sendStream; - size_t receiveSize; - u_char *receiveStream; - Kadm_Client client_parm; - u_char *p; - - err = 0; - - /* Check inputs: */ - if (principal == NULL || instance == NULL || realm == NULL || - oldPassword == NULL || newPassword == NULL) { - return KFAILURE; - } - - /* - * Get tickets to change the old password and shove them in the - * client_parm - */ - err = krb_get_pw_in_tkt_creds(principal, instance, realm, - PWSERV_NAME, KADM_SINST, 1, - oldPassword, &client_parm.creds); - if (err != KSUCCESS) - goto cleanup; - - /* Now create the key to send to the server */ - /* Use this and not mit_password_to_key so that we don't prompt */ - des_string_to_key(newPassword, key); - - /* Create the link to the server */ - err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1); - if (err != KADM_SUCCESS) - goto cleanup; - - /* Connect to the KDC */ - err = kadm_cli_conn(&client_parm); - if (err != KADM_SUCCESS) - goto cleanup; - - /* possible problem with vts_long on a non-multiple of four boundary */ - sendSize = 0; /* start of our output packet */ - sendStream = malloc(1); /* to make it reallocable */ - if (sendStream == NULL) - goto disconnect; - sendStream[sendSize++] = CHANGE_PW; - - /* change key to stream */ - /* This looks backwards but gets inverted on the server side. */ - p = key + 4; - KRB4_GET32BE(tempKey, p); - sendSize += vts_long(tempKey, &sendStream, (int)sendSize); - p = key; - KRB4_GET32BE(tempKey, p); - sendSize += vts_long(tempKey, &sendStream, (int)sendSize); - tempKey = 0; - - if (newPassword) { - sendSize += vts_string(newPassword, &sendStream, (int)sendSize); - } - - /* send the data to the kdc */ - err = kadm_cli_send(&client_parm, sendStream, sendSize, - &receiveStream, &receiveSize); - free(sendStream); - if (receiveSize > 0) - /* If there is a string from the kdc, free it - we don't care */ - free(receiveStream); - if (err != KADM_SUCCESS) - goto disconnect; - -disconnect: - /* Disconnect */ - kadm_cli_disconn(&client_parm); - -cleanup: - memset(&client_parm.creds.session, 0, sizeof(client_parm.creds.session)); - memset(&key, 0, sizeof(key)); - return err; -} Deleted: branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,136 +0,0 @@ -/* - * lib/krb4/cr_auth_repl.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine is called by the Kerberos authentication server - * to create a reply to an authentication request. The routine - * takes the user's name, instance, and realm, the client's - * timestamp, the number of tickets, the user's key version - * number and the ciphertext containing the tickets themselves. - * It constructs a packet and returns a pointer to it. - * - * Notes: The packet returned by this routine is static. Thus, if you - * intend to keep the result beyond the next call to this routine, you - * must copy it elsewhere. - * - * The packet is built in the following format: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_KDC_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned char n number of tickets - * - * unsigned long x_date expiration date - * - * unsigned char kvno master key version - * - * short w_1 cipher length - * - * --- cipher->dat cipher data - */ - -KTEXT -create_auth_reply(pname, pinst, prealm, time_ws, n, x_date, kvno, cipher) - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long time_ws; /* Workstation time */ - int n; /* Number of tickets */ - unsigned long x_date; /* Principal's expiration date */ - int kvno; /* Principal's key version number */ - KTEXT cipher; /* Cipher text with tickets and - * session keys */ -{ - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - unsigned char *p; - size_t pnamelen, pinstlen, prealmlen; - - /* Create fixed part of packet */ - p = pkt->dat; - /* This is really crusty. */ - if (n != 0) - *p++ = 3; - else - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_KDC_REPLY; /* always big-endian */ - - /* Make sure the response will actually fit into its buffer. */ - pnamelen = strlen(pname) + 1; - pinstlen = strlen(pinst) + 1; - prealmlen = strlen(prealm) + 1; - if (sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen - + 4 + 1 + 4 + 1 + 2 + cipher->length) - || cipher->length > 65535 || cipher->length < 0) { - pkt->length = 0; - return NULL; - } - /* Add the basic info */ - memcpy(p, pname, pnamelen); - p += pnamelen; - memcpy(p, pinst, pinstlen); - p += pinstlen; - memcpy(p, prealm, prealmlen); - p += prealmlen; - - /* Workstation timestamp */ - KRB4_PUT32BE(p, time_ws); - - *p++ = n; - - /* Expiration date */ - KRB4_PUT32BE(p, x_date); - - /* Now send the ciphertext and info to help decode it */ - *p++ = kvno; - KRB4_PUT16BE(p, cipher->length); - memcpy(p, cipher->dat, (size_t)cipher->length); - p += cipher->length; - - /* And return the packet */ - pkt->length = p - pkt->dat; - return pkt; -} Deleted: branches/mskrb-integ/src/lib/krb4/cr_ciph.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/cr_ciph.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/cr_ciph.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,136 +0,0 @@ -/* - * lib/krb4/cr_ciph.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include "des.h" -#include - -/* - * This routine is used by the authentication server to create - * a packet for its client, containing a ticket for the requested - * service (given in "tkt"), and some information about the ticket, -#ifndef NOENCRYPTION - * all encrypted in the given key ("key"). -#endif - * - * Returns KSUCCESS no matter what. - * - * The length of the cipher is stored in c->length; the format of - * c->dat is as follows: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * - * 8 bytes session session key for client, service - * - * string service service name - * - * string instance service instance - * - * string realm KDC realm - * - * unsigned char life ticket lifetime - * - * unsigned char kvno service key version number - * - * unsigned char tkt->length length of following ticket - * - * data tkt->dat ticket for service - * - * 4 bytes kdc_time KDC's timestamp - * - * <=7 bytes null null pad to 8 byte multiple - * - */ - -int -create_ciph(c, session, service, instance, realm, life, kvno, tkt, - kdc_time, key) - KTEXT c; /* Text block to hold ciphertext */ - C_Block session; /* Session key to send to user */ - char *service; /* Service name on ticket */ - char *instance; /* Instance name on ticket */ - char *realm; /* Realm of this KDC */ - unsigned long life; /* Lifetime of the ticket */ - int kvno; /* Key version number for service */ - KTEXT tkt; /* The ticket for the service */ - unsigned long kdc_time; /* KDC time */ - C_Block key; /* Key to encrypt ciphertext with */ -{ - unsigned char *ptr; - size_t servicelen, instancelen, realmlen; - Key_schedule key_s; - - ptr = c->dat; - - /* Validate lengths. */ - servicelen = strlen(service) + 1; - instancelen = strlen(instance) + 1; - realmlen = strlen(realm) + 1; - if (sizeof(c->dat) / 8 < ((8 + servicelen + instancelen + realmlen - + 1 + 1 + 1 + tkt->length - + 4 + 7) / 8) - || tkt->length > 255 || tkt->length < 0) { - c->length = 0; - return KFAILURE; - } - - memcpy(ptr, session, 8); - ptr += 8; - - memcpy(ptr, service, servicelen); - ptr += servicelen; - memcpy(ptr, instance, instancelen); - ptr += instancelen; - memcpy(ptr, realm, realmlen); - ptr += realmlen; - - *ptr++ = life; - *ptr++ = kvno; - *ptr++ = tkt->length; - - memcpy(ptr, tkt->dat, (size_t)tkt->length); - ptr += tkt->length; - - KRB4_PUT32BE(ptr, kdc_time); - - /* guarantee null padded encrypted data to multiple of 8 bytes */ - memset(ptr, 0, 7); - - c->length = (((ptr - c->dat) + 7) / 8) * 8; - -#ifndef NOENCRYPTION - key_sched(key, key_s); - pcbc_encrypt((C_Block *)c->dat, (C_Block *)c->dat, - (long)c->length, key_s, (C_Block*)key, ENCRYPT); - memset(key_s, 0, sizeof(key_s)); -#endif /* NOENCRYPTION */ - - return KSUCCESS; -} Deleted: branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,78 +0,0 @@ -/* - * lib/krb4/cr_death_pkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine creates a packet to type AUTH_MSG_DIE which is sent to - * the Kerberos server to make it shut down. It is used only in the - * development environment. - * - * It takes a string "a_name" which is sent in the packet. A pointer - * to the packet is returned. - * - * The format of the killer packet is: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_DIE message type - * - * [least significant HOST_BYTE_ORDER byte order of sender - * bit of above field] - * - * string a_name presumably, name of - * principal sending killer - * packet - */ - -#ifdef DEBUG -KTEXT -krb_create_death_packet(a_name) - char *a_name; -{ - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - unsigned char *p; - size_t namelen; - - p = pkt->dat; - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_DIE; - namelen = strlen(a_name) + 1; - if (1 + 1 + namelen > sizeof(pkt->dat)) - return NULL; - memcpy(p, a_name, namelen); - p += namelen; - pkt->length = p - pkt->dat; - return pkt; -} -#endif /* DEBUG */ Deleted: branches/mskrb-integ/src/lib/krb4/cr_err_repl.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/cr_err_repl.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/cr_err_repl.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,110 +0,0 @@ -/* - * lib/krb4/cr_err_repl.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine is used by the Kerberos authentication server to - * create an error reply packet to send back to its client. - * - * It takes a pointer to the packet to be built, the name, instance, - * and realm of the principal, the client's timestamp, an error code - * and an error string as arguments. Its return value is undefined. - * - * The packet is built in the following format: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char req_ack_vno protocol version number - * - * unsigned char AUTH_MSG_ERR_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned long e error code - * - * string e_string error text - */ - -void -cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string) - KTEXT pkt; - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - u_long time_ws; /* Workstation time */ - u_long e; /* Error code */ - char *e_string; /* Text of error */ -{ - unsigned char *p; - size_t pnamelen, pinstlen, prealmlen, e_stringlen; - - p = pkt->dat; - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_ERR_REPLY; - - /* Make sure the reply will fit into the buffer. */ - pnamelen = strlen(pname) + 1; - pinstlen = strlen(pinst) + 1; - prealmlen = strlen(prealm) + 1; - e_stringlen = strlen(e_string) + 1; - if(sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen - + 4 + 4 + e_stringlen)) { - pkt->length = 0; - return; - } - /* Add the basic info */ - memcpy(p, pname, pnamelen); - p += pnamelen; - memcpy(p, pinst, pinstlen); - p += pinstlen; - memcpy(p, prealm, prealmlen); - p += prealmlen; - /* ws timestamp */ - KRB4_PUT32BE(p, time_ws); - /* err code */ - KRB4_PUT32BE(p, e); - /* err text */ - memcpy(p, e_string, e_stringlen); - p += e_stringlen; - - /* And return */ - pkt->length = p - pkt->dat; - return; -} Deleted: branches/mskrb-integ/src/lib/krb4/cr_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/cr_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/cr_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,254 +0,0 @@ -/* - * lib/krb4/cr_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include "des.h" -#include "krb.h" -#include "prot.h" -#include -#include "port-sockets.h" - -static int -krb_cr_tkt_int (KTEXT tkt, unsigned int flags_in, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance); - -/* - * Create ticket takes as arguments information that should be in a - * ticket, and the KTEXT object in which the ticket should be - * constructed. It then constructs a ticket and returns, leaving the - * newly created ticket in tkt. -#ifndef NOENCRYPTION - * The data in tkt->dat is encrypted in the server's key. -#endif - * The length of the ticket is a multiple of - * eight bytes and is in tkt->length. - * - * If the ticket is too long, the ticket will contain nulls. - * The return value of the routine is undefined. - * - * The corresponding routine to extract information from a ticket it - * decomp_ticket. When changes are made to this routine, the - * corresponding changes should also be made to that file. - * - * The packet is built in the following format: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * tkt->length length of ticket (multiple of 8 bytes) - * -#ifdef NOENCRYPTION - * tkt->dat: -#else - * tkt->dat: (encrypted in server's key) -#endif - * - * unsigned char flags namely, HOST_BYTE_ORDER - * - * string pname client's name - * - * string pinstance client's instance - * - * string prealm client's realm - * - * 4 bytes paddress client's address - * - * 8 bytes session session key - * - * 1 byte life ticket lifetime - * - * 4 bytes time_sec KDC timestamp - * - * string sname service's name - * - * string sinstance service's instance - * - * <=7 bytes null null pad to 8 byte multiple - * - */ -int -krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance, key) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned int flags; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - int life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ - C_Block key; /* Service's secret key */ -{ - int kerr; - Key_schedule key_s; - - kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance); - if (kerr) - return kerr; - - /* Encrypt the ticket in the services key */ - key_sched(key, key_s); - pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat, - (long)tkt->length, key_s, (C_Block *)key, 1); - memset(key_s, 0, sizeof(key_s)); - return 0; -} - -int -krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance, k5key) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned int flags; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - int life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ - krb5_keyblock *k5key; /* NULL if not present */ -{ - int kerr; - krb5_data in; - krb5_enc_data out; - krb5_error_code ret; - size_t enclen; - - kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, - paddress, session, life, time_sec, - sname, sinstance); - if (kerr) - return kerr; - - /* Encrypt the ticket in the services key */ - in.length = tkt->length; - in.data = (char *)tkt->dat; - /* XXX assumes context arg is ignored */ - ret = krb5_c_encrypt_length(NULL, k5key->enctype, - (size_t)in.length, &enclen); - if (ret) - return KFAILURE; - out.ciphertext.length = enclen; - out.ciphertext.data = malloc(enclen); - if (out.ciphertext.data == NULL) - return KFAILURE; /* XXX maybe ENOMEM? */ - - /* XXX assumes context arg is ignored */ - ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET, - NULL, &in, &out); - if (ret) { - free(out.ciphertext.data); - return KFAILURE; - } else { - tkt->length = out.ciphertext.length; - memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length); - memset(out.ciphertext.data, 0, out.ciphertext.length); - free(out.ciphertext.data); - } - return 0; -} - -static int -krb_cr_tkt_int(tkt, flags_in, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned int flags_in; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - int life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ -{ - register unsigned char *data; /* running index into ticket */ - size_t pnamelen, pinstlen, prealmlen, snamelen, sinstlen; - struct in_addr paddr; - - /* Be really paranoid. */ - if (sizeof(paddr.s_addr) != 4) - return KFAILURE; - - tkt->length = 0; /* Clear previous data */ - - /* Check length of ticket */ - pnamelen = strlen(pname) + 1; - pinstlen = strlen(pinstance) + 1; - prealmlen = strlen(prealm) + 1; - snamelen = strlen(sname) + 1; - sinstlen = strlen(sinstance) + 1; - if (sizeof(tkt->dat) / 8 < ((1 + pnamelen + pinstlen + prealmlen - + 4 /* address */ - + 8 /* session */ - + 1 /* life */ - + 4 /* issue time */ - + snamelen + sinstlen - + 7) / 8) /* roundoff */ - || life > 255 || life < 0) { - memset(tkt->dat, 0, sizeof(tkt->dat)); - return KFAILURE /* XXX */; - } - - data = tkt->dat; - *data++ = flags_in; - memcpy(data, pname, pnamelen); - data += pnamelen; - memcpy(data, pinstance, pinstlen); - data += pinstlen; - memcpy(data, prealm, prealmlen); - data += prealmlen; - - paddr.s_addr = paddress; - memcpy(data, &paddr.s_addr, sizeof(paddr.s_addr)); - data += sizeof(paddr.s_addr); - - memcpy(data, session, 8); - data += 8; - *data++ = life; - /* issue time */ - KRB4_PUT32BE(data, time_sec); - - memcpy(data, sname, snamelen); - data += snamelen; - memcpy(data, sinstance, sinstlen); - data += sinstlen; - - /* guarantee null padded ticket to multiple of 8 bytes */ - memset(data, 0, 7); - tkt->length = ((data - tkt->dat + 7) / 8) * 8; - return 0; -} Deleted: branches/mskrb-integ/src/lib/krb4/debug.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/debug.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/debug.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,15 +0,0 @@ -/* - * debug.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" - -/* Declare global debugging variables. */ - -int krb_ap_req_debug = 0; -int krb_debug = 0; Deleted: branches/mskrb-integ/src/lib/krb4/decomp_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/decomp_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/decomp_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,295 +0,0 @@ -/* - * lib/krb4/decomp_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "des.h" -#include "krb.h" -#include "prot.h" -#include -#include -#include "krb54proto.h" -#include "port-sockets.h" - -#ifdef KRB_CRYPT_DEBUG -extern int krb_debug; -#endif - -static int dcmp_tkt_int (KTEXT tkt, unsigned char *flags, - char *pname, char *pinstance, char *prealm, - unsigned KRB4_32 *paddress, C_Block session, - int *life, unsigned KRB4_32 *time_sec, - char *sname, char *sinstance, C_Block key, - Key_schedule key_s, krb5_keyblock *k5key); -/* - * This routine takes a ticket and pointers to the variables that - * should be filled in based on the information in the ticket. It -#ifndef NOENCRYPTION - * decrypts the ticket using the given key, and -#endif - * fills in values for its arguments. - * - * Note: if the client realm field in the ticket is the null string, - * then the "prealm" variable is filled in with the local realm (as - * defined by KRB_REALM). - * - * If the ticket byte order is different than the host's byte order - * (as indicated by the byte order bit of the "flags" field), then - * the KDC timestamp "time_sec" is byte-swapped. The other fields - * potentially affected by byte order, "paddress" and "session" are - * not byte-swapped. - * - * The routine returns KFAILURE if any of the "pname", "pinstance", - * or "prealm" fields is too big, otherwise it returns KSUCCESS. - * - * The corresponding routine to generate tickets is create_ticket. - * When changes are made to this routine, the corresponding changes - * should also be made to that file. - * - * See create_ticket.c for the format of the ticket packet. - */ - -int KRB5_CALLCONV /* XXX should this be exported on win32? */ -decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned KRB4_32 *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned KRB4_32 *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - C_Block key; /* Service's secret key - * (to decrypt the ticket) */ - Key_schedule key_s; /* The precomputed key schedule */ -{ - return - dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, - paddress, session, life, time_sec, sname, sinstance, - key, key_s, NULL); -} - -int -decomp_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, k5key) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned KRB4_32 *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned KRB4_32 *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - krb5_keyblock *k5key; /* krb5 keyblock of service */ -{ - C_Block key; /* placeholder; doesn't get used */ - Key_schedule key_s; /* placeholder; doesn't get used */ - - return - dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s, k5key); -} - -static int -dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s, k5key) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned KRB4_32 *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned KRB4_32 *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - C_Block key; /* Service's secret key - * (to decrypt the ticket) */ - Key_schedule key_s; /* The precomputed key schedule */ - krb5_keyblock *k5key; /* krb5 keyblock of service */ -{ - int tkt_le; /* little-endian ticket? */ - unsigned char *ptr = tkt->dat; - int kret, len; - struct in_addr paddr; - - /* Be really paranoid. */ - if (sizeof(paddr.s_addr) != 4) - return KFAILURE; - -#ifndef NOENCRYPTION - /* Do the decryption */ -#ifdef KRB_CRYPT_DEBUG - if (krb_debug) { - FILE *fp; - char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */ - - fp = fopen("/kerberos/tkt.des", "wb"); - setbuf(fp, keybuf); - fwrite(tkt->dat, 1, tkt->length, fp); - fclose(fp); - memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */ - } -#endif - if (k5key != NULL) { - /* block locals */ - krb5_enc_data in; - krb5_data out; - krb5_error_code ret; - - in.enctype = k5key->enctype; - in.kvno = 0; - in.ciphertext.length = tkt->length; - in.ciphertext.data = (char *)tkt->dat; - out.length = tkt->length; - out.data = malloc((size_t)tkt->length); - if (out.data == NULL) - return KFAILURE; /* XXX maybe ENOMEM? */ - - /* XXX note the following assumes that context arg isn't used */ - ret = - krb5_c_decrypt(NULL, k5key, - KRB5_KEYUSAGE_KDC_REP_TICKET, NULL, &in, &out); - if (ret) { - free(out.data); - return KFAILURE; - } else { - memcpy(tkt->dat, out.data, out.length); - memset(out.data, 0, out.length); - free(out.data); - } - } else { - pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat, - (long)tkt->length, key_s, (C_Block *)key, 0); - } -#endif /* ! NOENCRYPTION */ -#ifdef KRB_CRYPT_DEBUG - if (krb_debug) { - FILE *fp; - char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */ - - fp = fopen("/kerberos/tkt.clear", "wb"); - setbuf(fp, keybuf); - fwrite(tkt->dat, 1, tkt->length, fp); - fclose(fp); - memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */ - } -#endif - -#define TKT_REMAIN (tkt->length - (ptr - tkt->dat)) - kret = KFAILURE; - if (TKT_REMAIN < 1) - goto cleanup; - *flags = *ptr++; - tkt_le = (*flags >> K_FLAG_ORDER) & 1; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > ANAME_SZ) - goto cleanup; - memcpy(pname, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - goto cleanup; - memcpy(pinstance, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > REALM_SZ) - goto cleanup; - memcpy(prealm, ptr, (size_t)len); - ptr += len; - - /* - * This hack may be needed for some really krb4 servers, such as - * AFS kaserver (?), that fail to fill in the realm of a ticket - * under some circumstances. - */ - if (*prealm == '\0') - krb_get_lrealm(prealm, 1); - - /* - * Ensure there's enough remaining in the ticket to get the - * fixed-size stuff. - */ - if (TKT_REMAIN < 4 + 8 + 1 + 4) - goto cleanup; - - memcpy(&paddr.s_addr, ptr, sizeof(paddr.s_addr)); - ptr += sizeof(paddr.s_addr); - *paddress = paddr.s_addr; - - memcpy(session, ptr, 8); /* session key */ - memset(ptr, 0, 8); - ptr += 8; -#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */ - if (tkt_swap_bytes) - swap_C_Block(session); -#endif - - *life = *ptr++; - - KRB4_GET32(*time_sec, ptr, tkt_le); - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > SNAME_SZ) - goto cleanup; - memcpy(sname, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - goto cleanup; - memcpy(sinstance, ptr, (size_t)len); - ptr += len; - kret = KSUCCESS; - -#ifdef KRB_CRYPT_DEBUG - if (krb_debug) { - krb_log("service=%s.%s len(sname)=%d, len(sinstance)=%d", - sname, sinstance, strlen(sname), strlen(sinstance)); - krb_log("ptr - tkt->dat=%d",(char *)ptr - (char *)tkt->dat); - } -#endif - -cleanup: - if (kret != KSUCCESS) { - memset(session, 0, sizeof(session)); - memset(tkt->dat, 0, (size_t)tkt->length); - return kret; - } - return KSUCCESS; -} Deleted: branches/mskrb-integ/src/lib/krb4/dest_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/dest_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/dest_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,162 +0,0 @@ -/* - * lib/krb4/dest_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include -#include -#include -#include - -#include "k5-util.h" -#define do_seteuid krb5_seteuid -#include "k5-platform.h" - -#ifdef TKT_SHMEM -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -#include - -#ifndef O_SYNC -#define O_SYNC 0 -#endif - -/* - * dest_tkt() is used to destroy the ticket store upon logout. - * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. - * Otherwise the function returns RET_OK on success, KFAILURE on - * failure. - * - * The ticket file (TKT_FILE) is defined in "krb.h". - */ - -int KRB5_CALLCONV -dest_tkt() -{ - const char *file = TKT_FILE; - int i,fd; - int ret; - struct stat statpre, statpost; - char buf[BUFSIZ]; - uid_t me, metoo; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; - size_t shmidlen; -#endif /* TKT_SHMEM */ - - /* If ticket cache selector is null, use default cache. */ - if (file == 0) - file = tkt_string(); - - errno = 0; - ret = KSUCCESS; - me = getuid(); - metoo = geteuid(); - - if (lstat(file, &statpre) < 0) - return (errno == ENOENT) ? RET_TKFIL : KFAILURE; - /* - * This does not guard against certain cases that are vulnerable - * to race conditions, such as world-writable or group-writable - * directories that are not stickybitted, or untrusted path - * components. In all other cases, the following checks should be - * sufficient. It is assumed that the aforementioned certain - * vulnerable cases are unlikely to arise on a well-administered - * system where the user is not deliberately being stupid. - */ - if (!(statpre.st_mode & S_IFREG) || me != statpre.st_uid - || statpre.st_nlink != 1) - return KFAILURE; - /* - * Yes, we do uid twiddling here. It's not optimal, but some - * applications may expect that the ruid is what should really own - * the ticket file, e.g. setuid applications. - */ - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0) { - ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE; - goto out; - } - set_cloexec_fd(fd); - /* - * Do some additional paranoid things. The worst-case situation - * is that a user may be fooled into opening a non-regular file - * briefly if the file is in a directory with improper - * permissions. - */ - if (fstat(fd, &statpost) < 0) { - (void)close(fd); - ret = KFAILURE; - goto out; - } - if (statpre.st_dev != statpost.st_dev - || statpre.st_ino != statpost.st_ino) { - (void)close(fd); - errno = 0; - ret = KFAILURE; - goto out; - } - - memset(buf, 0, BUFSIZ); - for (i = 0; i < statpost.st_size; i += BUFSIZ) - if (write(fd, buf, BUFSIZ) != BUFSIZ) { -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - goto out; - } - -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - - (void) unlink(file); - -out: - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (ret != KSUCCESS) - return ret; - -#ifdef TKT_SHMEM - /* - * handle the shared memory case - */ - shmidlen = strlen(file) + sizeof(".shm"); - if (shmidlen > sizeof(shmidname)) - return RET_TKFIL; - (void)strcpy(shmidname, file); - (void)strcat(shmidname, ".shm"); - return krb_shm_dest(shmidname); -#else /* !TKT_SHMEM */ - return KSUCCESS; -#endif /* !TKT_SHMEM */ -} Deleted: branches/mskrb-integ/src/lib/krb4/err_txt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/err_txt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/err_txt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,87 +0,0 @@ -/* - * lib/krb4/err_txt.c - * - * Copyright 1988, 2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "krb4int.h" - -/* - * This is gross. We want krb_err_txt to match the contents of the - * com_err error table, but the text is static in krb_err.c. We can't - * alias it by making a pointer to it, either, so we have to suck in - * another copy of it that is named differently. */ -#if TARGET_OS_MAC && !defined(DEPEND) -#undef initialize_krb_error_table -#define initialize_krb_error_table krb4int_init_krb_err_tbl -void krb4int_init_krb_err_tbl(void); -#include "krb_err.c" -#undef initialize_krb_error_table - -/* - * Depends on the name of the static table generated by compile_et, - * but since this is only on Darwin, where we will always use a - * certain compile_et, it should be ok. - */ -const char * const * const krb_err_txt = text; -#else -#ifndef DEPEND -/* Don't put this in auto-generated dependencies. */ -#include "krb_err_txt.c" -#endif -#endif - -void initialize_krb_error_table(void); - -static int inited = 0; - -void -krb4int_et_init(void) -{ - if (inited) - return; - add_error_table(&et_krb_error_table); - inited = 1;\ -} - -void -krb4int_et_fini(void) -{ - if (inited) - remove_error_table(&et_krb_error_table); -} - -const char * KRB5_CALLCONV -krb_get_err_text(code) - int code; -{ - krb4int_et_init(); - /* - * Shift krb error code into com_err number space. - */ - if (code >= 0 && code < MAX_KRB_ERRORS) - return error_message(ERROR_TABLE_BASE_krb + code); - else - return "Invalid Kerberos error code"; -} Deleted: branches/mskrb-integ/src/lib/krb4/et_errtxt.awk =================================================================== --- branches/mskrb-integ/src/lib/krb4/et_errtxt.awk 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/et_errtxt.awk 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,71 +0,0 @@ -/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/ { - print "/*" > outfile - print " * " outfile ":" > outfile - print " * This file is automatically generated; please do not edit it." > outfile - print " */" > outfile - print "#if TARGET_OS_MAC" > outfile - print "const char * const * const krb_err_txt" > outfile - print "#else" > outfile - print "const char * const krb_err_txt[]" > outfile - print "#endif" > outfile - print "\t= {" > outfile - table_item_count = 0 -} - -(continuation == 1) && ($0 ~ /\\[ \t]*$/) { - text=substr($0,1,length($0)-1); -# printf "\t\t\"%s\"\n", text > outfile - cont_buf=cont_buf text; -} - -(continuation == 1) && ($0 ~ /"[ \t]*$/) { -# " -# printf "\t\t\"%s,\n", $0 > outfile - printf "\t%s,\n", cont_buf $0 > outfile - continuation = 0; -} -/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*$/ { - table_item_count++ - skipone=1 - next -} - -/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*"[ \t]*$/ { - text="" - for (i=3; i<=NF; i++) { - text = text FS $i - } - text=substr(text,2,length(text)-1); - printf "\t%s,\n", text > outfile - table_item_count++ -} -/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*\\[ \t]*$/ { - text="" - for (i=3; i<=NF; i++) { - text = text FS $i - } - text=substr(text,2,length(text)-2); -# printf "\t%s\"\n", text > outfile - cont_buf=text - continuation++; -} - -/^[ \t]*".*\\[ \t]*$/ { - if (skipone) { - text=substr($0,1,length($0)-1); -# printf "\t%s\"\n", text > outfile - cont_buf=text - continuation++; - } - skipone=0 -} - -{ - if (skipone) { - printf "\t%s,\n", $0 > outfile - } - skipone=0 -} -END { - print "};" > outfile -} Deleted: branches/mskrb-integ/src/lib/krb4/fgetst.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/fgetst.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/fgetst.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,38 +0,0 @@ -/* - * fgetst.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include "krb4int.h" - -/* - * fgetst takes a file descriptor, a character pointer, and a count. - * It reads from the file it has either read "count" characters, or - * until it reads a null byte. When finished, what has been read exists - * in "s". If "count" characters were actually read, the last is changed - * to a null, so the returned string is always null-terminated. fgetst - * returns the number of characters read, including the null terminator. - */ - -int -fgetst(f, s, n) - FILE *f; - register char *s; - int n; -{ - register int count = n; - int ch; /* NOT char; otherwise you don't see EOF */ - - while ((ch = getc(f)) != EOF && ch && --count) { - *s++ = ch; - } - *s = '\0'; - return (n - count); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,383 +0,0 @@ -/* - * lib/krb4/g_ad_tkt.c - * - * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "des.h" -#include "krb4int.h" -#include "prot.h" -#include - -#include - -extern int krb_debug; -extern int swap_bytes; - -/* - * get_ad_tkt obtains a new service ticket from Kerberos, using - * the ticket-granting ticket which must be in the ticket file. - * It is typically called by krb_mk_req() when the client side - * of an application is creating authentication information to be - * sent to the server side. - * - * get_ad_tkt takes four arguments: three pointers to strings which - * contain the name, instance, and realm of the service for which the - * ticket is to be obtained; and an integer indicating the desired - * lifetime of the ticket. - * - * It returns an error status if the ticket couldn't be obtained, - * or AD_OK if all went well. The ticket is stored in the ticket - * cache. - * - * The request sent to the Kerberos ticket-granting service looks - * like this: - * - * pkt->dat - * - * TEXT original contents of authenticator+ticket - * pkt->dat built in krb_mk_req call - * - * 4 bytes time_ws always 0 (?) FIXME! - * char lifetime lifetime argument passed - * string service service name argument - * string sinstance service instance arg. - * - * See "prot.h" for the reply packet layout and definitions of the - * extraction macros like pkt_version(), pkt_msg_type(), etc. - */ - -/* - * g_ad_tk_parse() - * - * Parse the returned packet from the KDC. - * - * Note that the caller is responsible for clearing the returned - * session key if there is an error; that makes the error handling - * code a little less hairy. - */ -static int -g_ad_tkt_parse(KTEXT rpkt, C_Block tgtses, C_Block ses, - char *s_name, char *s_instance, char *rlm, - char *service, char *sinstance, char *realm, - int *lifetime, int *kvno, KTEXT tkt, - unsigned KRB4_32 *kdc_time, - KRB4_32 *t_local) -{ - unsigned char *ptr; - unsigned int t_switch; - int msg_byte_order; - unsigned long rep_err_code; - unsigned long cip_len; - KTEXT_ST cip_st; - KTEXT cip = &cip_st; /* Returned Ciphertext */ - Key_schedule key_s; - int len, i; - KRB4_32 t_diff; /* Difference between timestamps */ - - ptr = rpkt->dat; -#define RPKT_REMAIN (rpkt->length - (ptr - rpkt->dat)) - if (RPKT_REMAIN < 1 + 1) - return INTK_PROT; - /* check packet version of the returned packet */ - if (*ptr++ != KRB_PROT_VERSION) - return INTK_PROT; - - /* This used to be - switch (pkt_msg_type(rpkt) & ~1) { - but SCO 3.2v4 cc compiled that incorrectly. */ - t_switch = *ptr++; - /* Check byte order (little-endian == 1) */ - msg_byte_order = t_switch & 1; - t_switch &= ~1; - /* - * Skip over some stuff (3 strings and various integers -- see - * cr_auth_repl.c for details). Maybe we should actually verify - * these? - */ - for (i = 0; i < 3; i++) { - len = krb4int_strnlen((char *)ptr, RPKT_REMAIN) + 1; - if (len <= 0) - return INTK_PROT; - ptr += len; - } - switch (t_switch) { - case AUTH_MSG_KDC_REPLY: - if (RPKT_REMAIN < 4 + 1 + 4 + 1) - return INTK_PROT; - ptr += 4 + 1 + 4 + 1; - break; - case AUTH_MSG_ERR_REPLY: - if (RPKT_REMAIN < 8) - return INTK_PROT; - ptr += 4; - KRB4_GET32(rep_err_code, ptr, msg_byte_order); - return rep_err_code; - - default: - return INTK_PROT; - } - - /* Extract the ciphertext */ - if (RPKT_REMAIN < 2) - return INTK_PROT; - KRB4_GET16(cip_len, ptr, msg_byte_order); - if (RPKT_REMAIN < cip_len) - return INTK_PROT; - /* - * RPKT_REMAIN will always be non-negative and at most the maximum - * possible value of cip->length, so this assignment is safe. - */ - cip->length = cip_len; - memcpy(cip->dat, ptr, (size_t)cip->length); - ptr += cip->length; - -#ifndef NOENCRYPTION - /* Attempt to decrypt it */ - - key_sched(tgtses, key_s); - DEB (("About to do decryption ...")); - pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat, - (long)cip->length, key_s, (C_Block *)tgtses, 0); -#endif /* !NOENCRYPTION */ - /* - * Stomp on key schedule. Caller should stomp on tgtses. - */ - memset(key_s, 0, sizeof(key_s)); - - ptr = cip->dat; -#define CIP_REMAIN (cip->length - (ptr - cip->dat)) - if (CIP_REMAIN < 8) - return RD_AP_MODIFIED; - memcpy(ses, ptr, 8); - /* - * Stomp on decrypted session key immediately after copying it. - */ - memset(ptr, 0, 8); - ptr += 8; - - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > SNAME_SZ) - return RD_AP_MODIFIED; - memcpy(s_name, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - return RD_AP_MODIFIED; - memcpy(s_instance, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > REALM_SZ) - return RD_AP_MODIFIED; - memcpy(rlm, ptr, (size_t)len); - ptr += len; - - if (strcmp(s_name, service) || strcmp(s_instance, sinstance) - || strcmp(rlm, realm)) /* not what we asked for */ - return INTK_ERR; /* we need a better code here XXX */ - - if (CIP_REMAIN < 1 + 1 + 1) - return RD_AP_MODIFIED; - *lifetime = *ptr++; - *kvno = *ptr++; - tkt->length = *ptr++; - - if (CIP_REMAIN < tkt->length) - return RD_AP_MODIFIED; - memcpy(tkt->dat, ptr, (size_t)tkt->length); - ptr += tkt->length; - - /* Time (coarse) */ - if (CIP_REMAIN < 4) - return RD_AP_MODIFIED; - KRB4_GET32(*kdc_time, ptr, msg_byte_order); - - /* check KDC time stamp */ - *t_local = TIME_GMT_UNIXSEC; - t_diff = *t_local - *kdc_time; - if (t_diff < 0) - t_diff = -t_diff; /* Absolute value of difference */ - if (t_diff > CLOCK_SKEW) - return RD_AP_TIME; /* XXX should probably be better code */ - - return 0; -} - -int KRB5_CALLCONV -get_ad_tkt(service, sinstance, realm, lifetime) - char *service; - char *sinstance; - char *realm; - int lifetime; -{ - KTEXT_ST pkt_st; - KTEXT pkt = & pkt_st; /* Packet to KDC */ - KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ - KTEXT_ST tkt_st; - KTEXT tkt = &tkt_st; /* Current ticket */ - C_Block ses; /* Session key for tkt */ - CREDENTIALS cr; - int kvno; /* Kvno for session key */ - int kerror; - char lrealm[REALM_SZ]; - KRB4_32 time_ws = 0; - char s_name[SNAME_SZ]; - char s_instance[INST_SZ]; - char rlm[REALM_SZ]; - unsigned char *ptr; - KRB4_32 t_local; - struct sockaddr_in laddr; - socklen_t addrlen; - unsigned KRB4_32 kdc_time; /* KDC time */ - size_t snamelen, sinstlen; - - kerror = krb_get_tf_realm(TKT_FILE, lrealm); -#if USE_LOGIN_LIBRARY - if (kerror == GC_NOTKT) { - /* No tickets... call krb_get_cred (KLL will prompt) and try again. */ - if ((kerror = krb_get_cred ("krbtgt", realm, realm, &cr)) == KSUCCESS) { - /* Now get the realm again. */ - kerror = krb_get_tf_realm (TKT_FILE, lrealm); - } - } -#endif - if (kerror != KSUCCESS) - return kerror; - - /* Create skeleton of packet to be sent */ - pkt->length = 0; - - /* - * Look for the session key (and other stuff we don't need) - * in the ticket file for krbtgt.realm at lrealm where "realm" - * is the service's realm (passed in "realm" argument) and - * "lrealm" is the realm of our initial ticket (the local realm). - * If that fails, and the server's realm and the local realm are - * the same thing, give up - no TGT available for local realm. - * - * If the server realm and local realm are different, though, - * try getting a ticket-granting ticket for the server's realm, - * i.e. a ticket for "krbtgt.alienrealm at lrealm", by calling get_ad_tkt(). - * If that succeeds, the ticket will be in ticket cache, get it - * into the "cr" structure by calling krb_get_cred(). - */ - kerror = krb_get_cred("krbtgt", realm, lrealm, &cr); - if (kerror != KSUCCESS) { - /* - * If realm == lrealm, we have no hope, so let's not even try. - */ - if (strncmp(realm, lrealm, sizeof(lrealm)) == 0) - return AD_NOTGT; - else { - kerror = get_ad_tkt("krbtgt", realm, lrealm, lifetime); - if (kerror != KSUCCESS) { - if (kerror == KDC_PR_UNKNOWN) /* no cross-realm ticket */ - return AD_NOTGT; /* So call it no ticket */ - return kerror; - } - kerror = krb_get_cred("krbtgt",realm,lrealm,&cr); - if (kerror != KSUCCESS) - return kerror; - } - } - - /* - * Make up a request packet to the "krbtgt.realm at lrealm". - * Start by calling krb_mk_req() which puts ticket+authenticator - * into "pkt". Then tack other stuff on the end. - */ - kerror = krb_mk_req(pkt, "krbtgt", realm, lrealm, 0L); - if (kerror) { - /* stomp stomp stomp */ - memset(cr.session, 0, sizeof(cr.session)); - return AD_NOTGT; - } - - ptr = pkt->dat + pkt->length; - - snamelen = strlen(service) + 1; - sinstlen = strlen(sinstance) + 1; - if (sizeof(pkt->dat) - (ptr - pkt->dat) < (4 + 1 - + snamelen - + sinstlen)) { - /* stomp stomp stomp */ - memset(cr.session, 0, sizeof(cr.session)); - return INTK_ERR; - } - - /* timestamp */ /* FIXME -- always 0 now, should we fill it in??? */ - KRB4_PUT32BE(ptr, time_ws); - - *ptr++ = lifetime; - - memcpy(ptr, service, snamelen); - ptr += snamelen; - memcpy(ptr, sinstance, sinstlen); - ptr += sinstlen; - - pkt->length = ptr - pkt->dat; - - /* Send the request to the local ticket-granting server */ - rpkt->length = 0; - addrlen = sizeof(laddr); - kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, - (struct sockaddr *)&laddr, &addrlen); - - if (!kerror) { - /* No error; parse return packet from KDC. */ - kerror = g_ad_tkt_parse(rpkt, cr.session, ses, - s_name, s_instance, rlm, - service, sinstance, realm, - &lifetime, &kvno, tkt, - &kdc_time, &t_local); - } - /* - * Unconditionally stomp on cr.session because we don't need it - * anymore. - */ - memset(cr.session, 0, sizeof(cr.session)); - if (kerror) { - /* - * Stomp on ses for good measure, since g_ad_tkt_parse() - * doesn't do that for us. - */ - memset(ses, 0, sizeof(ses)); - return kerror; - } - - kerror = krb4int_save_credentials_addr(s_name, s_instance, rlm, - ses, lifetime, kvno, tkt, - t_local, - laddr.sin_addr.s_addr); - /* - * Unconditionally stomp on ses because we don't need it anymore. - */ - memset(ses, 0, sizeof(ses)); - if (kerror) - return kerror; - return AD_OK; -} Deleted: branches/mskrb-integ/src/lib/krb4/g_cnffile.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_cnffile.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_cnffile.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,128 +0,0 @@ -/* Copyright 1994 Cygnus Support */ -/* Mark W. Eichin */ -/* - * Permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation. - * Cygnus Support makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* common code for looking at krb.conf and krb.realms file */ -/* this may be superceded by 's work for the Mac port, but - it solves a problem for now. */ - -#include -#include "krb.h" -#include "k5-int.h" -#include "krb4int.h" - -krb5_context krb5__krb4_context = 0; - -static FILE* -krb__v5_get_file(s) - const char *s; -{ - FILE *cnffile = 0; - const char* names[3]; - char **full_name = 0, **cpp; - krb5_error_code retval; - - if (!krb5__krb4_context) - krb5_init_context(&krb5__krb4_context); - names[0] = "libdefaults"; - names[1] = s; - names[2] = 0; - if (krb5__krb4_context) { - retval = profile_get_values(krb5__krb4_context->profile, names, - &full_name); - if (retval == 0 && full_name && full_name[0]) { - cnffile = fopen(full_name[0],"r"); - if (cnffile) - set_cloexec_file(cnffile); - for (cpp = full_name; *cpp; cpp++) - krb5_xfree(*cpp); - krb5_xfree(full_name); - } - } - return cnffile; -} - -char * -krb__get_srvtabname(default_srvtabname) - const char *default_srvtabname; -{ - const char* names[3]; - char **full_name = 0, **cpp; - krb5_error_code retval; - static char retname[MAXPATHLEN]; - - if (!krb5__krb4_context) - krb5_init_context(&krb5__krb4_context); - names[0] = "libdefaults"; - names[1] = "krb4_srvtab"; - names[2] = 0; - if (krb5__krb4_context) { - retval = profile_get_values(krb5__krb4_context->profile, names, - &full_name); - if (retval == 0 && full_name && full_name[0]) { - retname[0] = '\0'; - strncat(retname, full_name[0], sizeof(retname)); - for (cpp = full_name; *cpp; cpp++) - krb5_xfree(*cpp); - krb5_xfree(full_name); - return retname; - } - } - retname[0] = '\0'; - strncat(retname, default_srvtabname, sizeof(retname)); - return retname; -} - -FILE* -krb__get_cnffile() -{ - char *s; - FILE *cnffile = 0; - extern char *getenv(); - - /* standard V4 override first */ - s = getenv("KRB_CONF"); - if (s) cnffile = fopen(s,"r"); - /* if that's wrong, use V5 config */ - if (!cnffile) cnffile = krb__v5_get_file("krb4_config"); - /* and if V5 config doesn't have it, go to hard-coded values */ - if (!cnffile) cnffile = fopen(KRB_CONF,"r"); -#ifdef ATHENA_CONF_FALLBACK - if (!cnffile) cnffile = fopen(KRB_FB_CONF,"r"); -#endif - if (cnffile) - set_cloexec_file(cnffile); - return cnffile; -} - - -FILE* -krb__get_realmsfile() -{ - FILE *realmsfile = 0; - char *s; - - /* standard (not really) V4 override first */ - s = getenv("KRB_REALMS"); - if (s) realmsfile = fopen(s,"r"); - if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms"); - if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r"); - -#ifdef ATHENA_CONF_FALLBACK - if (!realmsfile) realmsfile = fopen(KRB_FB_RLM_TRANS, "r"); -#endif - - if (realmsfile) - set_cloexec_file(realmsfile); - - return realmsfile; -} Deleted: branches/mskrb-integ/src/lib/krb4/g_cred.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_cred.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_cred.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,58 +0,0 @@ -/* - * g_cred.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include -#include "krb.h" - -/* - * krb_get_cred takes a service name, instance, and realm, and a - * structure of type CREDENTIALS to be filled in with ticket - * information. It then searches the ticket file for the appropriate - * ticket and fills in the structure with the corresponding - * information from the file. If successful, it returns KSUCCESS. - * On failure it returns a Kerberos error code. - */ - -int KRB5_CALLCONV -krb_get_cred(service,instance,realm,c) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - CREDENTIALS *c; /* Credentials struct */ -{ - int tf_status; /* return value of tf function calls */ - - /* Open ticket file and lock it for shared reading */ - if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) - return(tf_status); - - /* Copy principal's name and instance into the CREDENTIALS struc c */ - - if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || - (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) - return (tf_status); - - /* Search for requested service credentials and copy into c */ - - while ((tf_status = tf_get_cred(c)) == KSUCCESS) { - /* Is this the right ticket? */ - if ((strcmp(c->service,service) == 0) && - (strcmp(c->instance,instance) == 0) && - (strcmp(c->realm,realm) == 0)) - break; - } - (void) tf_close(); - - if (tf_status == EOF) - return (GC_NOTKT); - return(tf_status); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,555 +0,0 @@ -/* - * lib/krb4/g_in_tkt.c - * - * Copyright 1986-2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "des.h" -#include "krb4int.h" -#include "prot.h" - -#include "port-sockets.h" -#include - -/* Define a couple of function types including parameters. These - are needed on MS-Windows to convert arguments of the function pointers - to the proper types during calls. These declarations are found - in , but the code below is too opaque if you can't also - see them here. */ -#ifndef KEY_PROC_TYPE_DEFINED -typedef int (*key_proc_type) (char *, char *, char *, - char *, C_Block); -#endif -#ifndef DECRYPT_TKT_TYPE_DEFINED -typedef int (*decrypt_tkt_type) (char *, char *, char *, char *, - key_proc_type, KTEXT *); -#endif - -static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *); -static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *, - int, char *, int, KTEXT, int *, struct sockaddr_in *); -static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *, - int, KTEXT, int, CREDENTIALS *); - -/* - * decrypt_tkt(): Given user, instance, realm, passwd, key_proc - * and the cipher text sent from the KDC, decrypt the cipher text - * using the key returned by key_proc. - */ - -static int -decrypt_tkt(user, instance, realm, arg, key_proc, cipp) - char *user; - char *instance; - char *realm; - char *arg; - key_proc_type key_proc; - KTEXT *cipp; -{ - KTEXT cip = *cipp; - C_Block key; /* Key for decrypting cipher */ - Key_schedule key_s; - register int rc; - -#ifndef NOENCRYPTION - /* Attempt to decrypt it */ -#endif - /* generate a key from the supplied arg or password. */ - rc = (*key_proc)(user, instance, realm, arg, key); - if (rc) - return rc; - -#ifndef NOENCRYPTION - key_sched(key, key_s); - pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat, - (long)cip->length, key_s, (C_Block *)key, 0); -#endif /* !NOENCRYPTION */ - /* Get rid of all traces of key */ - memset(key, 0, sizeof(key)); - memset(key_s, 0, sizeof(key_s)); - - return 0; -} - -/* - * krb_get_in_tkt() gets a ticket for a given principal to use a given - * service and stores the returned ticket and session key for future - * use. - * - * The "user", "instance", and "realm" arguments give the identity of - * the client who will use the ticket. The "service" and "sinstance" - * arguments give the identity of the server that the client wishes - * to use. (The realm of the server is the same as the Kerberos server - * to whom the request is sent.) The "life" argument indicates the - * desired lifetime of the ticket; the "key_proc" argument is a pointer - * to the routine used for getting the client's private key to decrypt - * the reply from Kerberos. The "decrypt_proc" argument is a pointer - * to the routine used to decrypt the reply from Kerberos; and "arg" - * is an argument to be passed on to the "key_proc" routine. - * - * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it - * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned - * by Kerberos, then the error code it contains is returned. Other - * error codes returned by this routine include INTK_PROT to indicate - * wrong protocol version, INTK_BADPW to indicate bad password (if - * decrypted ticket didn't make sense), INTK_ERR if the ticket was for - * the wrong server or the ticket store couldn't be initialized. - * - * The format of the message sent to Kerberos is as follows: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte KRB_PROT_VERSION protocol version number - * 1 byte AUTH_MSG_KDC_REQUEST | message type - * HOST_BYTE_ORDER local byte order in lsb - * string user client's name - * string instance client's instance - * string realm client's realm - * 4 bytes tlocal.tv_sec timestamp in seconds - * 1 byte life desired lifetime - * string service service's name - * string sinstance service's instance - */ - -static int -krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, - preauth_p, preauth_len, cip, byteorder, local_addr) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - char *preauth_p; - int preauth_len; - KTEXT cip; - int *byteorder; - struct sockaddr_in *local_addr; -{ - KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; /* Packet to KDC */ - KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ - unsigned char *p; - size_t userlen, instlen, realmlen, servicelen, sinstlen; - unsigned KRB4_32 t_local; - - int msg_byte_order; - int kerror; - socklen_t addrlen; -#if 0 - unsigned long exp_date; -#endif - unsigned long rep_err_code; - unsigned long cip_len; - unsigned int t_switch; - int i, len; - - /* BUILD REQUEST PACKET */ - - p = pkt->dat; - - userlen = strlen(user) + 1; - instlen = strlen(instance) + 1; - realmlen = strlen(realm) + 1; - servicelen = strlen(service) + 1; - sinstlen = strlen(sinstance) + 1; - /* Make sure the ticket data will fit into the buffer. */ - if (sizeof(pkt->dat) < (1 + 1 + userlen + instlen + realmlen - + 4 + 1 + servicelen + sinstlen - + preauth_len)) { - pkt->length = 0; - return INTK_ERR; - } - - /* Set up the fixed part of the packet */ - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_KDC_REQUEST; - - /* Now for the variable info */ - memcpy(p, user, userlen); - p += userlen; - memcpy(p, instance, instlen); - p += instlen; - memcpy(p, realm, realmlen); - p += realmlen; - - /* timestamp */ - t_local = TIME_GMT_UNIXSEC; - KRB4_PUT32BE(p, t_local); - - *p++ = life; - - memcpy(p, service, servicelen); - p += servicelen; - memcpy(p, sinstance, sinstlen); - p += sinstlen; - - if (preauth_len) - memcpy(p, preauth_p, (size_t)preauth_len); - p += preauth_len; - - pkt->length = p - pkt->dat; - - /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ - rpkt->length = 0; - addrlen = sizeof(struct sockaddr_in); - kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, - (struct sockaddr *)local_addr, - &addrlen); - if (kerror) - return kerror; - - p = rpkt->dat; -#define RPKT_REMAIN (rpkt->length - (p - rpkt->dat)) - - /* check packet version of the returned packet */ - if (RPKT_REMAIN < 1 + 1) - return INTK_PROT; - if (*p++ != KRB_PROT_VERSION) - return INTK_PROT; - - /* This used to be - switch (pkt_msg_type(rpkt) & ~1) { - but SCO 3.2v4 cc compiled that incorrectly. */ - t_switch = *p++; - /* Check byte order */ - msg_byte_order = t_switch & 1; - t_switch &= ~1; - - /* EXTRACT INFORMATION FROM RETURN PACKET */ - - /* - * Skip over some stuff (3 strings and various integers -- see - * cr_auth_repl.c for details). - */ - for (i = 0; i < 3; i++) { - len = krb4int_strnlen((char *)p, RPKT_REMAIN) + 1; - if (len <= 0) - return INTK_PROT; - p += len; - } - switch (t_switch) { - case AUTH_MSG_KDC_REPLY: - if (RPKT_REMAIN < 4 + 1 + 4 + 1) - return INTK_PROT; - p += 4 + 1 + 4 + 1; - break; - case AUTH_MSG_ERR_REPLY: - if (RPKT_REMAIN < 8) - return INTK_PROT; - p += 4; - KRB4_GET32(rep_err_code, p, msg_byte_order); - return rep_err_code; - default: - return INTK_PROT; - } - - /* Extract the ciphertext */ - if (RPKT_REMAIN < 2) - return INTK_PROT; - KRB4_GET16(cip_len, p, msg_byte_order); - if (RPKT_REMAIN < cip_len) - return INTK_ERR; - /* - * RPKT_REMAIN will always be non-negative and at most the maximum - * possible value of cip->length, so this assignment is safe. - */ - cip->length = cip_len; - memcpy(cip->dat, p, (size_t)cip->length); - p += cip->length; - - *byteorder = msg_byte_order; - return INTK_OK; -} - -static int -krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip, - byteorder, creds) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - KTEXT cip; - int byteorder; - CREDENTIALS *creds; -{ - unsigned char *ptr; - int len; - int kvno; /* Kvno for session key */ - char s_name[SNAME_SZ]; - char s_instance[INST_SZ]; - char rlm[REALM_SZ]; - KTEXT_ST tkt_st; - KTEXT tkt = &tkt_st; /* Current ticket */ - unsigned long kdc_time; /* KDC time */ - unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */ - KRB4_32 t_diff; /* Difference between timestamps */ - int lifetime; - - ptr = cip->dat; - /* Assume that cip->length >= 0 for now. */ -#define CIP_REMAIN (cip->length - (ptr - cip->dat)) - - /* Skip session key for now */ - if (CIP_REMAIN < 8) - return INTK_BADPW; - ptr += 8; - - /* extract server's name */ - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > sizeof(s_name)) - return INTK_BADPW; - memcpy(s_name, ptr, (size_t)len); - ptr += len; - - /* extract server's instance */ - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > sizeof(s_instance)) - return INTK_BADPW; - memcpy(s_instance, ptr, (size_t)len); - ptr += len; - - /* extract server's realm */ - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > sizeof(rlm)) - return INTK_BADPW; - memcpy(rlm, ptr, (size_t)len); - ptr += len; - - /* extract ticket lifetime, server key version, ticket length */ - /* be sure to avoid sign extension on lifetime! */ - if (CIP_REMAIN < 3) - return INTK_BADPW; - lifetime = *ptr++; - kvno = *ptr++; - tkt->length = *ptr++; - - /* extract ticket itself */ - if (CIP_REMAIN < tkt->length) - return INTK_BADPW; - memcpy(tkt->dat, ptr, (size_t)tkt->length); - ptr += tkt->length; - - if (strcmp(s_name, service) || strcmp(s_instance, sinstance) - || strcmp(rlm, realm)) /* not what we asked for */ - return INTK_ERR; /* we need a better code here XXX */ - - /* check KDC time stamp */ - if (CIP_REMAIN < 4) - return INTK_BADPW; - KRB4_GET32(kdc_time, ptr, byteorder); - - t_local = TIME_GMT_UNIXSEC; - t_diff = t_local - kdc_time; - if (t_diff < 0) - t_diff = -t_diff; /* Absolute value of difference */ - if (t_diff > CLOCK_SKEW) { - return RD_AP_TIME; /* XXX should probably be better code */ - } - - /* stash ticket, session key, etc. for future use */ - strncpy(creds->service, s_name, sizeof(creds->service)); - strncpy(creds->instance, s_instance, sizeof(creds->instance)); - strncpy(creds->realm, rlm, sizeof(creds->realm)); - memmove(creds->session, cip->dat, sizeof(C_Block)); - creds->lifetime = lifetime; - creds->kvno = kvno; - creds->ticket_st.length = tkt->length; - memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length); - creds->issue_date = t_local; - strncpy(creds->pname, user, sizeof(creds->pname)); - strncpy(creds->pinst, instance, sizeof(creds->pinst)); - - return INTK_OK; -} - -int -krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, - arg, preauth_p, preauth_len, creds, laddrp) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; - char *preauth_p; - int preauth_len; - CREDENTIALS *creds; - KRB_UINT32 *laddrp; -{ - int ok; - char key_string[BUFSIZ]; - KTEXT_ST cip_st; - KTEXT cip = &cip_st; /* Returned Ciphertext */ - int kerror; - int byteorder; - key_proc_type *keyprocs = krb_get_keyprocs (key_proc); - int i = 0; - struct sockaddr_in local_addr; - - kerror = krb_mk_in_tkt_preauth(user, instance, realm, - service, sinstance, - life, preauth_p, preauth_len, - cip, &byteorder, &local_addr); - if (kerror) - return kerror; - - /* If arg is null, we have to prompt for the password. decrypt_tkt, by - way of the *_passwd_to_key functions, will prompt if the password is - NULL, but that means that each separate encryption type will prompt - separately. Obtain the password first so that we can try multiple - encryption types without re-prompting. - - Don't, however, prompt on a Windows or Macintosh environment, since - that's harder. Rely on our caller to do it. */ -#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY)) - if (arg == NULL) { - ok = des_read_pw_string(key_string, sizeof(key_string), "Password", 0); - if (ok != 0) - return ok; - arg = key_string; - } -#endif - - /* Attempt to decrypt the reply. Loop trying password_to_key algorithms - until we succeed or we get an error other than "bad password" */ - do { - KTEXT_ST cip_copy_st; - memcpy(&cip_copy_st, &cip_st, sizeof(cip_st)); - cip = &cip_copy_st; - if (decrypt_proc == NULL) { - decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip); - } else { - (*decrypt_proc)(user, instance, realm, arg, keyprocs[i], &cip); - } - kerror = krb_parse_in_tkt_creds(user, instance, realm, - service, sinstance, life, cip, byteorder, creds); - } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW)); - cip = &cip_st; - - /* Fill in the local address if the caller wants it */ - if (laddrp != NULL) { - *laddrp = local_addr.sin_addr.s_addr; - } - - /* stomp stomp stomp */ - memset(key_string, 0, sizeof(key_string)); - memset(cip->dat, 0, (size_t)cip->length); - return kerror; -} - -int KRB5_CALLCONV -krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, arg, creds) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; - CREDENTIALS *creds; -{ -#if TARGET_OS_MAC - KRB_UINT32 *laddrp = &creds->address; -#else - KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */ -#endif - - return krb_get_in_tkt_preauth_creds(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, arg, - NULL, 0, creds, laddrp); -} - -int KRB5_CALLCONV -krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, - arg, preauth_p, preauth_len) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; - char *preauth_p; - int preauth_len; -{ - int retval; - KRB_UINT32 laddr; - CREDENTIALS creds; - - do { - retval = krb_get_in_tkt_preauth_creds(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, - arg, preauth_p, preauth_len, - &creds, &laddr); - if (retval != KSUCCESS) break; - if (krb_in_tkt(user, instance, realm) != KSUCCESS) { - retval = INTK_ERR; - break; - } - retval = krb4int_save_credentials_addr(creds.service, creds.instance, - creds.realm, creds.session, - creds.lifetime, creds.kvno, - &creds.ticket_st, - creds.issue_date, laddr); - if (retval != KSUCCESS) break; - } while (0); - memset(&creds, 0, sizeof(creds)); - return retval; -} - -int KRB5_CALLCONV -krb_get_in_tkt(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, arg) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; -{ - return krb_get_in_tkt_preauth(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, arg, - NULL, 0); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_phost.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_phost.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_phost.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,92 +0,0 @@ -/* - * lib/krb4/g_phost.c - * - * Copyright 1988, 2001 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" - -#include -#include -#include -#include "port-sockets.h" - -/* - * This routine takes an alias for a host name and returns the first - * field, lower case, of its domain name. For example, if "menel" is - * an alias for host officially named "menelaus" (in /etc/hosts), for - * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus" - * is returned. - * - * This is done for historical Athena reasons: the Kerberos name of - * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host at realm" - * where "host"is the lowercase for of the host name ("menelaus"). - * This should go away: the instance should be the domain name - * (MENELAUS.MIT.EDU). But for now we need this routine... - * - * A pointer to the name is returned, if found, otherwise a pointer - * to the original "alias" argument is returned. - */ - -char * KRB5_CALLCONV -krb_get_phost(alias) - char *alias; -{ - struct hostent *h; - char *p; - unsigned char *ucp; - static char hostname_mem[MAXHOSTNAMELEN]; -#ifdef DO_REVERSE_RESOLVE - char *rev_addr; int rev_type, rev_len; -#endif - - if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) { -#ifdef DO_REVERSE_RESOLVE - if (! h->h_addr_list ||! h->h_addr_list[0]) { - return(0); - } - rev_type = h->h_addrtype; - rev_len = h->h_length; - rev_addr = malloc(rev_len); - _fmemcpy(rev_addr, h->h_addr_list[0], rev_len); - h = gethostbyaddr(rev_addr, rev_len, rev_type); - free(rev_addr); - if (h == 0) { - return (0); - } -#endif - /* We don't want to return a *, so we copy to a safe location. */ - strncpy (hostname_mem, h->h_name, sizeof (hostname_mem)); - /* Bail out if h_name is too long. */ - if (hostname_mem[MAXHOSTNAMELEN-1] != '\0') - return NULL; - p = strchr( hostname_mem, '.' ); - if (p) - *p = 0; - ucp = (unsigned char *)hostname_mem; - do { - if (isupper(*ucp)) *ucp=tolower(*ucp); - } while (*ucp++); - } - return(hostname_mem); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,341 +0,0 @@ -/* - * lib/krb4/g_pw_in_tkt.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include "krb.h" -#include "krb4int.h" -#include "krb_err.h" -#include "prot.h" -#include - -#ifndef NULL -#define NULL 0 -#endif - -#ifndef INTK_PW_NULL -#define INTK_PW_NULL KRBET_GT_PW_NULL -#endif - -/* - * This file contains one routine: krb_get_pw_in_tkt() gets an initial ticket for - * a user. - */ - -/* - * krb_get_pw_in_tkt() takes the name of the server for which the initial - * ticket is to be obtained, the name of the principal the ticket is - * for, the desired lifetime of the ticket, and the user's password. - * It passes its arguments on to krb_get_in_tkt(), which contacts - * Kerberos to get the ticket, decrypts it using the password provided, - * and stores it away for future use. - * - * On a Unix system, krb_get_pw_in_tkt() is able to prompt the user - * for a password, if the supplied password is null. On a a non Unix - * system, it now requires the caller to supply a non-null password. - * This is because of the complexities of prompting the user in a - * non-terminal-oriented environment like the Macintosh (running in a - * driver) or MS-Windows (in a DLL). - * - * krb_get_pw_in_tkt() passes two additional arguments to - * krb_get_in_tkt(): a routine to be used to get the password in case - * the "password" argument is null and NULL for the decryption - * procedure indicating that krb_get_in_tkt should use the default - * method of decrypting the response from the KDC. - * - * The result of the call to krb_get_in_tkt() is returned. - */ - -int KRB5_CALLCONV -krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ -#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY) - /* In spite of the comments above, we don't allow that path here, - to simplify coding the non-UNIX clients. The only code that now - depends on this behavior is the preauth support, which has a - seperate function without this trap. Strictly speaking, this - is an API change. */ - - if (password == 0) - return INTK_PW_NULL; -#endif - - return(krb_get_in_tkt(user,instance,realm,service,sinstance,life, - (key_proc_type)NULL, /* krb_get_in_tkt will try them all */ - (decrypt_tkt_type)NULL, password)); -} - -int KRB5_CALLCONV -krb_get_pw_in_tkt_creds( - char *user, char *instance, char *realm, char *service, char *sinstance, - int life, char *password, CREDENTIALS *creds) -{ - return krb_get_in_tkt_creds(user, instance, realm, - service, sinstance, life, - (key_proc_type)NULL, /* krb_get_in_tkt_creds will try them all */ - NULL, password, creds); -} - - -/* - * krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly, - * since the whole point of "pre" authentication is to prove that we've - * already got the key, and the only way to do that is to ask the user - * for it. Clearly we shouldn't ask twice. - */ - -static C_Block old_key; - -static int stub_key(user,instance,realm,passwd,key) - char *user, *instance, *realm, *passwd; - C_Block key; -{ - (void) memcpy((char *) key, (char *) old_key, sizeof(old_key)); - return 0; -} - -int KRB5_CALLCONV -krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ - char *preauth_p; - int preauth_len; - int ret_st; - key_proc_type *keyprocs = krb_get_keyprocs (NULL); - int i = 0; - -#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY) - /* On non-Unix systems, we can't handle a null password, because - passwd_to_key can't handle prompting for the password. */ - if (password == 0) - return INTK_PW_NULL; -#endif - - /* Loop trying all the key_proc types */ - do { - krb_mk_preauth(&preauth_p, &preauth_len, keyprocs[i], - user, instance, realm, password, old_key); - ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life, - (key_proc_type) stub_key, - (decrypt_tkt_type) NULL, password, - preauth_p, preauth_len); - - krb_free_preauth(preauth_p, preauth_len); - } while ((keyprocs[++i] != NULL) && (ret_st == INTK_BADPW)); - - return ret_st; -} - -/* FIXME! This routine belongs in the krb library and should simply - be shared between the encrypted and NOENCRYPTION versions! */ - -#ifdef NOENCRYPTION -/* - * This routine prints the supplied string to standard - * output as a prompt, and reads a password string without - * echoing. - */ - -#include -#ifdef BSDUNIX -#include -#include -#include -#include -#else -int strcmp(); -#endif -#if defined(__svr4__) || defined(__SVR4) -#include -#endif - -#ifdef BSDUNIX -static jmp_buf env; -#endif - -#ifdef BSDUNIX -static void sig_restore(); -static push_signals(), pop_signals(); -int placebo_read_pw_string(); -#endif - -/*** Routines ****************************************************** */ -int -placebo_read_password(k,prompt,verify) - des_cblock *k; - char *prompt; - int verify; -{ - int ok; - char key_string[BUFSIZ]; - -#ifdef BSDUNIX - if (setjmp(env)) { - ok = -1; - goto lose; - } -#endif - - ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify); - if (ok == 0) - memset(k, 0, sizeof(C_Block)); - -lose: - memset(key_string, 0, sizeof (key_string)); - return ok; -} - -/* - * This version just returns the string, doesn't map to key. - * - * Returns 0 on success, non-zero on failure. - */ - -int -placebo_read_pw_string(s,max,prompt,verify) - char *s; - int max; - char *prompt; - int verify; -{ - int ok = 0; - char *ptr; - -#ifdef BSDUNIX - jmp_buf old_env; - struct sgttyb tty_state; -#endif - char key_string[BUFSIZ]; - - if (max > BUFSIZ) { - return -1; - } - -#ifdef BSDUNIX - memcpy(env, old_env, sizeof(env)); - if (setjmp(env)) - goto lose; - - /* save terminal state */ - if (ioctl(0,TIOCGETP,&tty_state) == -1) - return -1; - - push_signals(); - /* Turn off echo */ - tty_state.sg_flags &= ~ECHO; - if (ioctl(0,TIOCSETP,&tty_state) == -1) - return -1; -#endif - while (!ok) { - printf(prompt); - fflush(stdout); -#ifdef CROSSMSDOS - h19line(s,sizeof(s),0); - if (!strlen(s)) - continue; -#else - if (!fgets(s, max, stdin)) { - clearerr(stdin); - continue; - } - if ((ptr = strchr(s, '\n'))) - *ptr = '\0'; -#endif - if (verify) { - printf("\nVerifying, please re-enter %s",prompt); - fflush(stdout); -#ifdef CROSSMSDOS - h19line(key_string,sizeof(key_string),0); - if (!strlen(key_string)) - continue; -#else - if (!fgets(key_string, sizeof(key_string), stdin)) { - clearerr(stdin); - continue; - } - if ((ptr = strchr(key_string, '\n'))) - *ptr = '\0'; -#endif - if (strcmp(s,key_string)) { - printf("\n\07\07Mismatch - try again\n"); - fflush(stdout); - continue; - } - } - ok = 1; - } - -#ifdef BSDUNIX -lose: - if (!ok) - memset(s, 0, max); - printf("\n"); - /* turn echo back on */ - tty_state.sg_flags |= ECHO; - if (ioctl(0,TIOCSETP,&tty_state)) - ok = 0; - pop_signals(); - memcpy(old_env, env, sizeof(env)); -#endif - if (verify) - memset(key_string, 0, sizeof (key_string)); - s[max-1] = 0; /* force termination */ - return !ok; /* return nonzero if not okay */ -} - -#ifdef BSDUNIX -/* - * this can be static since we should never have more than - * one set saved.... - */ -static sigtype (*old_sigfunc[NSIG])(); - -static push_signals() -{ - register i; - for (i = 0; i < NSIG; i++) - old_sigfunc[i] = signal(i,sig_restore); -} - -static pop_signals() -{ - register i; - for (i = 0; i < NSIG; i++) - signal(i,old_sigfunc[i]); -} - -static void sig_restore(sig,code,scp) - int sig,code; - struct sigcontext *scp; -{ - longjmp(env,1); -} -#endif -#endif /* NOENCRYPTION */ Deleted: branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,68 +0,0 @@ -/* - * g_pw_tkt.c - * - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" - -/* - * Get a ticket for the password-changing server ("changepw.KRB_MASTER"). - * - * Given the name, instance, realm, and current password of the - * principal for which the user wants a password-changing-ticket, - * return either: - * - * GT_PW_BADPW if current password was wrong, - * GT_PW_NULL if principal had a NULL password, - * or the result of the krb_get_pw_in_tkt() call. - * - * First, try to get a ticket for "user.instance at realm" to use the - * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h"). - * The requested lifetime for the ticket is "1", and the current - * password is the "cpw" argument given. - * - * If the password was bad, give up. - * - * If the principal had a NULL password in the Kerberos database - * (indicating that the principal is known to Kerberos, but hasn't - * got a password yet), try instead to get a ticket for the principal - * "default.changepw at realm" to use the "changepw.KRB_MASTER" server. - * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL - * if all goes well, otherwise the error. - * - * If this routine succeeds, a ticket and session key for either the - * principal "user.instance at realm" or "default.changepw at realm" to use - * the password-changing server will be in the user's ticket file. - */ - -int KRB5_CALLCONV -get_pw_tkt(user,instance,realm,cpw) - char *user; - char *instance; - char *realm; - char *cpw; -{ - int kerror; - - kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw", - KRB_MASTER, 1, cpw); - - if (kerror == INTK_BADPW) - return(GT_PW_BADPW); - - if (kerror == KDC_NULL_KEY) { - kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw", - KRB_MASTER,1,"changepwkrb"); - if (kerror) - return(kerror); - return(GT_PW_NULL); - } - - return(kerror); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,152 +0,0 @@ -/* - * lib/krb4/g_svc_in_tkt.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include -#include "krb.h" -#include "prot.h" -#include "krb4int.h" - -/* - * This file contains two routines: srvtab_to_key(), which gets - * a server's key from a srvtab file, and krb_get_svc_in_tkt() which - * gets an initial ticket for a server. - */ - -/* - * srvtab_to_key(): given a "srvtab" file (where the keys for the - * service on a host are stored), return the private key of the - * given service (user.instance at realm). - * - * srvtab_to_key() passes its arguments on to read_service_key(), - * plus one additional argument, the key version number. - * (Currently, the key version number is always 0; this value - * is treated as a wildcard by read_service_key().) - * - * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") - * is passed in its place. - * - * It returns the return value of the read_service_key() call. - * The service key is placed in "key". - */ - -static int srvtab_to_key(user, instance, realm, srvtab, key) - char *user, *instance, *realm, *srvtab; - C_Block key; -{ - if (!srvtab) - srvtab = KEYFILE; - - return(read_service_key(user, instance, realm, 0, srvtab, - (char *)key)); -} - -/* - * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), - * plus two additional arguments: a pointer to the srvtab_to_key() - * function to be used to get the key from the key file and a NULL - * for the decryption procedure indicating that krb_get_in_tkt should - * use the default method of decrypting the response from the KDC. - * - * It returns the return value of the krb_get_in_tkt() call. - */ - -int KRB5_CALLCONV -krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *srvtab; -{ - return(krb_get_in_tkt(user, instance, realm, service, sinstance, life, - (key_proc_type) srvtab_to_key, NULL, srvtab)); -} - -/* and we need a preauth version as well. */ -static C_Block old_key; - -static int stub_key(user,instance,realm,passwd,key) - char *user, *instance, *realm, *passwd; - C_Block key; -{ - memcpy(key, old_key, sizeof(C_Block)); - return 0; -} - -int -krb_get_svc_in_tkt_preauth(user, instance, realm, service, sinstance, life, srvtab) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *srvtab; -{ - char *preauth_p; - int preauth_len; - int ret_st; - - krb_mk_preauth(&preauth_p, &preauth_len, - (key_proc_type) srvtab_to_key, user, instance, realm, - srvtab, old_key); - ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life, - (key_proc_type) stub_key, NULL, srvtab, - preauth_p, preauth_len); - - krb_free_preauth(preauth_p, preauth_len); - return ret_st; -} - -/* DEC's dss-kerberos adds krb_svc_init; simple enough */ - -int -krb_svc_init(user,instance,realm,lifetime,srvtab_file,tkt_file) - char *user; - char *instance; - char *realm; - int lifetime; - char *srvtab_file; - char *tkt_file; -{ - if (tkt_file) - krb_set_tkt_string(tkt_file); - - return krb_get_svc_in_tkt(user,instance,realm, - KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file); -} - - -int -krb_svc_init_preauth(user,instance,realm,lifetime,srvtab_file,tkt_file) - char *user; - char *instance; - char *realm; - int lifetime; - char *srvtab_file; - char *tkt_file; -{ - if (tkt_file) - krb_set_tkt_string(tkt_file); - - return krb_get_svc_in_tkt_preauth(user,instance,realm, - KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_tf_fname.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_tf_fname.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_tf_fname.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,67 +0,0 @@ -/* - * g_tf_fname.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include -#include /* For EOF */ - -/* - * This file contains a routine to extract the fullname of a user - * from the ticket file. - */ - -/* - * krb_get_tf_fullname() takes four arguments: the name of the - * ticket file, and variables for name, instance, and realm to be - * returned in. Since the realm of a ticket file is not really fully - * supported, the realm used will be that of the the first ticket in - * the file as this is the one that was obtained with a password by - * krb_get_in_tkt(). - */ - -int KRB5_CALLCONV -krb_get_tf_fullname(ticket_file, name, instance, realm) - const char *ticket_file; - char *name; - char *instance; - char *realm; -{ - int tf_status; - CREDENTIALS c; - - /* If ticket cache selector is null, use default cache. */ - if (ticket_file == 0) - ticket_file = tkt_string(); - - if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) - return(tf_status); - - if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || - ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) - return (tf_status); - - if (name) - strcpy(name, c.pname); - if (instance) - strcpy(instance, c.pinst); - if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { - if (realm) - strcpy(realm, c.realm); - } - else { - if (tf_status == EOF) - return(KFAILURE); - else - return(tf_status); - } - (void) tf_close(); - - return(tf_status); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_tf_realm.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_tf_realm.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_tf_realm.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,44 +0,0 @@ -/* - * lib/krb4/g_tf_realm.c - * - * Copyright 1987-2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" - -/* - * This file contains a routine to extract the realm of a kerberos - * ticket file. - */ - -/* - * krb_get_tf_realm() takes two arguments: the name of a ticket - * and a variable to store the name of the realm in. - * - */ - -int KRB5_CALLCONV -krb_get_tf_realm(const char *ticket_file, char *realm) -{ - return krb_get_tf_fullname(ticket_file, NULL, NULL, realm); -} Deleted: branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,174 +0,0 @@ -/* - * g_tkt_svc.c - * - * Gets a ticket for a service. Adopted from KClient. - */ - -#include -#include "krb.h" -#include "port-sockets.h" - -/* FIXME -- this should probably be calling mk_auth nowadays. */ -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ - - -static int -ParseFullName(name, instance, realm, fname) - char *name; - char *instance; - char *realm; - char *fname; -{ - int err; - - if (!*fname) return KNAME_FMT; /* null names are not OK */ - *instance = '\0'; - err = kname_parse(name,instance,realm,fname); - if (err) return err; - if (!*name) return KNAME_FMT; /* null names are not OK */ - if (!*realm) { - if ((err = krb_get_lrealm (realm, 1))) - return err; - if (!*realm) return KNAME_FMT; /* FIXME -- should give better error */ - } - return KSUCCESS; -} - - - -static void -CopyTicket(dest, src, numBytes, version, includeVersion) - char *dest; - KTEXT src; - unsigned KRB4_32 *numBytes; - char *version; - int includeVersion; -{ - unsigned KRB4_32 tkt_len; - unsigned KRB4_32 nbytes = 0; - - /* first put version info into the buffer */ - if (includeVersion) { - (void) strncpy(dest, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); - (void) strncpy(dest+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN); - nbytes = 2*KRB_SENDAUTH_VLEN; - } - - /* put ticket length into buffer */ - tkt_len = htonl((unsigned long) src->length); - (void) memcpy((char *)(dest+nbytes), (char *) &tkt_len, sizeof(tkt_len)); - nbytes += sizeof(tkt_len); - - /* put ticket into buffer */ - (void) memcpy ((char *)(dest+nbytes), (char *) src->dat, src->length); - nbytes += src->length; - - *numBytes = nbytes; -} - - -static int -CredIsExpired( cr ) - CREDENTIALS *cr; -{ - KRB4_32 now; - - /* This routine is for use with clients only in order to determine - if a credential is still good. - Note: twice CLOCK_SKEW was added to age of ticket so that we could - be more sure that the ticket was good. - FIXME: I think this is a bug -- should use the same algorithm - everywhere to determine ticket expiration. */ - - now = TIME_GMT_UNIXSEC; - return now + 2 * CLOCK_SKEW > krb_life_to_time(cr->issue_date, - cr->lifetime); -} - - -/* - * Gets a ticket and returns it to application in buf - -> service Formal Kerberos name of service - -> buf Buffer to receive ticket - -> checksum checksum for this service - <-> buflen length of ticket buffer (must be at least - 1258 bytes) - <- sessionKey for internal use - <- schedule for internal use - - * Result is: - * GC_NOTKT if there is no matching TGT in the cache - * MK_AP_TGTEXP if the matching TGT is expired - * Other errors possible. These could cause a dialogue with the user - * to get a new TGT. - */ - -int KRB5_CALLCONV -krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey, - schedule, version, includeVersion) - char *serviceName; - char *buf; - unsigned KRB4_32 *buflen; - int checksum; - des_cblock sessionKey; - Key_schedule schedule; - char *version; - int includeVersion; -{ - char service[SNAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; - int err; - char lrealm[REALM_SZ]; - CREDENTIALS cr; - - service[0] = '\0'; - instance[0] = '\0'; - realm[0] = '\0'; - - /* parse out service name */ - - err = ParseFullName(service, instance, realm, serviceName); - if (err) - return err; - - if ((err = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS) - return(err); - - /* Make sure we have an intial ticket for the user in this realm - Check local realm, not realm for service since krb_mk_req will - get additional krbtgt if necessary. This is so that inter-realm - works without asking for a password twice. - FIXME gnu - I think this is a bug. We should allow direct - authentication to the desired realm, regardless of what the "local" - realm is. I fixed it. FIXME -- not quite right. */ - err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr); - if (err) - return err; - - err = CredIsExpired(&cr); - if (err) - return RD_AP_EXP; /* Expired ticket */ - - /* Get a ticket for the service */ - err = krb_mk_req(&(cr.ticket_st),service,instance,realm,checksum); - if (err) - return err; - - CopyTicket(buf, &(cr.ticket_st), buflen, version, includeVersion); - - /* get the session key for later use in deciphering the server response */ - err = krb_get_cred(service,instance,realm,&cr); - if (err) - return err; - memcpy((char *)sessionKey, (char *)cr.session, sizeof(C_Block)); - err = key_sched(sessionKey, schedule); - if (err) - return KFAILURE; /* Bad DES key for some reason (FIXME better error) */ - - else - return KSUCCESS; - -} - - Deleted: branches/mskrb-integ/src/lib/krb4/gethostname.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/gethostname.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/gethostname.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,36 +0,0 @@ -/* - * gethostname.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include "krb4int.h" -#include "autoconf.h" - -#ifdef HAVE_UNISTD_H -#include -#endif - -#ifndef GETHOSTNAME -#define GETHOSTNAME gethostname /* A rather simple default */ -#endif - -/* - * Return the local host's name in "name", up to "namelen" characters. - * "name" will be null-terminated if "namelen" is big enough. - * The return code is 0 on success, -1 on failure. (The calling - * interface is identical to BSD gethostname(2).) - */ - -int -k_gethostname(name, namelen) - char *name; - int namelen; -{ - return GETHOSTNAME(name, namelen); -} Deleted: branches/mskrb-integ/src/lib/krb4/getst.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/getst.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/getst.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,40 +0,0 @@ -/* - * getst.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include "krb4int.h" -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include -#endif - -/* - * getst() takes a file descriptor, a string and a count. It reads - * from the file until either it has read "count" characters, or until - * it reads a null byte. When finished, what has been read exists in - * the given string "s". If "count" characters were actually read, the - * last is changed to a null, so the returned string is always null- - * terminated. getst() returns the number of characters read, including - * the null terminator. - */ - -int -getst(fd, s, n) - int fd; - register char *s; - int n; -{ - register int count = n; - while (read(fd, s, 1) > 0 && --count) - if (*s++ == '\0') - return (n - count); - *s = '\0'; - return (n - count); -} Deleted: branches/mskrb-integ/src/lib/krb4/in_tkt.c =================================================================== --- branches/mskrb-integ/src/lib/krb4/in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,205 +0,0 @@ -/* - * lib/krb4/in_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include -#include -#include "krb.h" -#include -#include -#include "autoconf.h" -#ifdef TKT_SHMEM -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif - -extern int krb_debug; - -/* - * in_tkt() is used to initialize the ticket store. It creates the - * file to contain the tickets and writes the given user's name "pname" - * and instance "pinst" in the file. in_tkt() returns KSUCCESS on - * success, or KFAILURE if something goes wrong. - */ - -#include "k5-util.h" -#define do_seteuid krb5_seteuid -#include "k5-platform.h" - -#ifndef O_SYNC -#define O_SYNC 0 -#endif - -int KRB5_CALLCONV -in_tkt(pname,pinst) - char *pname; - char *pinst; -{ - int tktfile; - uid_t me, metoo, getuid(), geteuid(); - struct stat statpre, statpost; - int count; - const char *file = TKT_FILE; - int fd; - register int i; - char charbuf[BUFSIZ]; - mode_t mask; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; -#endif /* TKT_SHMEM */ - - /* If ticket cache selector is null, use default cache. */ - if (file == 0) - file = tkt_string(); - - me = getuid (); - metoo = geteuid(); - if (lstat(file, &statpre) == 0) { - if (statpre.st_uid != me || !(statpre.st_mode & S_IFREG) - || statpre.st_nlink != 1 || statpre.st_mode & 077) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",file); - return(KFAILURE); - } - /* - * Yes, we do uid twiddling here. It's not optimal, but some - * applications may expect that the ruid is what should really - * own the ticket file, e.g. setuid applications. - */ - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - /* file already exists, and permissions appear ok, so nuke it */ - fd = open(file, O_RDWR|O_SYNC, 0); - if (fd >= 0) - set_cloexec_fd(fd); - (void)unlink(file); - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (fd < 0) { - goto out; /* can't zero it, but we can still try truncating it */ - } - - /* - * Do some additional paranoid things. The worst-case - * situation is that a user may be fooled into opening a - * non-regular file briefly if the file is in a directory with - * improper permissions. - */ - if (fstat(fd, &statpost) < 0) { - (void)close(fd); - goto out; - } - if (statpre.st_dev != statpost.st_dev - || statpre.st_ino != statpost.st_ino) { - (void)close(fd); - errno = 0; - goto out; - } - - memset(charbuf, 0, sizeof(charbuf)); - - for (i = 0; i < statpost.st_size; i += sizeof(charbuf)) - if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) { -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - goto out; - } - -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - } - out: - /* arrange so the file is owned by the ruid - (swap real & effective uid if necessary). - This isn't a security problem, since the ticket file, if it already - exists, has the right uid (== ruid) and mode. */ - if (me != metoo) { - if (do_seteuid(me) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("in_tkt: seteuid"); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n",(int) metoo, (int) me); - } - /* Set umask to ensure that we have write access on the created - ticket file. */ - mask = umask(077); - tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600); - if (tktfile >= 0) - set_cloexec_fd(tktfile); - umask(mask); - if (me != metoo) { - if (do_seteuid(metoo) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("in_tkt: seteuid2"); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n", (int) me, (int) metoo); - } - if (tktfile < 0) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",TKT_FILE); - return(KFAILURE); - } - count = strlen(pname)+1; - if (write(tktfile,pname,count) != count) { - (void) close(tktfile); - return(KFAILURE); - } - count = strlen(pinst)+1; - if (write(tktfile,pinst,count) != count) { - (void) close(tktfile); - return(KFAILURE); - } - (void) close(tktfile); -#ifdef TKT_SHMEM - (void) strncpy(shmidname, file, sizeof(shmidname) - 1); - shmidname[sizeof(shmidname) - 1] = '\0'; - (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname)); - return(krb_shm_create(shmidname)); -#else /* !TKT_SHMEM */ - return(KSUCCESS); -#endif /* TKT_SHMEM */ -} - -int KRB5_CALLCONV -krb_in_tkt(pname, pinst, prealm) - char *pname; - char *pinst; - char *prealm; -{ - return in_tkt(pname, pinst); -} Deleted: branches/mskrb-integ/src/lib/krb4/kadm_err.et =================================================================== --- branches/mskrb-integ/src/lib/krb4/kadm_err.et 2009-01-03 01:28:31 UTC (rev 21677) +++ branches/mskrb-integ/src/lib/krb4/kadm_err.et 2009-01-03 03:00:25 UTC (rev 21678) @@ -1,58 +0,0 @@ -# kadmin.v4/server/kadm_err.et -# -# Copyright 1988 by the Massachusetts Institute of Technology. -# -# For copying and distribution information, please see the file -# . -# -# Kerberos administration server error table -# - et kadm - -# KADM_SUCCESS, as all success codes should be, is zero - -ec KADM_RCSID, "$Header$" -# /* Building and unbuilding the packet errors */ -ec KADM_NO_REALM, "Cannot fetch local realm" -ec KADM_NO_CRED, "Unable to fetch credentials" -ec KADM_BAD_KEY, "Bad key supplied" -ec KADM_NO_ENCRYPT, "Can't encrypt data" -ec KADM_NO_AUTH, "Cannot encode/decode authentication info" -ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm" -ec KADM_NO_ROOM, "Packet is too large" -ec KADM_BAD_VER, "Version number is incorrect" -ec KADM_BAD_CHK, "Checksum does not match" -ec KADM_NO_READ, "Unsealing private data failed" -ec KADM_NO_OPCODE, "Unsupported operation" -ec KADM_NO_HOST, "Could not find administrating host" -ec KADM_UNK_HOST, "Administrating host name is unknown" -ec KADM_NO_SERV, "Could not find service name in services database" -ec KADM_NO_SOCK, "Could not create socket" -ec KADM_NO_CONN, "Could not connect to server" -ec KADM_NO_HERE, "Could not fetch local socket address" -ec KADM_NO_MAST, "Could not fetch master key" -ec KADM_NO_VERI, "Could not verify master key" - -# /* From the server side routines */ -ec KADM_INUSE, "Entry already exists in database" -ec KADM_UK_SERROR, "Database store error" -ec KADM_UK_RERROR, "Database read error" -ec KADM_UNAUTH, "Insufficient access to perform requested operation" -# KADM_DATA isn't really an error, but... -ec KADM_DATA, "Data is available for return to client" -ec KADM_NOENTRY, "No such entry in the database" - -ec KADM_NOMEM, "Memory exhausted" -ec KADM_NO_HOSTNAME, "Could not fetch system hostname" -ec KADM_NO_BIND, "Could not bind port" -ec KADM_LENG