summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--source4/heimdal/kdc/524.c30
-rw-r--r--source4/heimdal/kdc/kaserver.c10
-rw-r--r--source4/heimdal/kdc/kdc-private.h8
-rw-r--r--source4/heimdal/kdc/kerberos4.c10
-rw-r--r--source4/heimdal/kdc/kerberos5.c97
-rwxr-xr-xsource4/heimdal/kdc/pkinit.c683
-rw-r--r--source4/heimdal/lib/asn1/CMS.asn14
-rw-r--r--source4/heimdal/lib/asn1/canthandle.asn18
-rw-r--r--source4/heimdal/lib/asn1/gen.c9
-rw-r--r--source4/heimdal/lib/asn1/hash.c17
-rw-r--r--source4/heimdal/lib/asn1/k5.asn13
-rw-r--r--source4/heimdal/lib/asn1/lex.c1328
-rw-r--r--source4/heimdal/lib/asn1/parse.c356
-rw-r--r--source4/heimdal/lib/asn1/parse.h13
-rw-r--r--source4/heimdal/lib/asn1/test.asn140
-rw-r--r--source4/heimdal/lib/com_err/lex.c1317
-rw-r--r--source4/heimdal/lib/des/des.c5
-rw-r--r--source4/heimdal/lib/des/dh.h4
-rw-r--r--source4/heimdal/lib/des/engine.h5
-rw-r--r--source4/heimdal/lib/des/evp.c150
-rw-r--r--source4/heimdal/lib/des/evp.h15
-rw-r--r--source4/heimdal/lib/des/rand.h48
-rwxr-xr-xsource4/heimdal/lib/des/rc2.c4
-rw-r--r--source4/heimdal/lib/des/rsa.h4
-rw-r--r--source4/heimdal/lib/des/sha.h25
-rw-r--r--source4/heimdal/lib/des/sha256.c233
-rw-r--r--source4/heimdal/lib/gssapi/accept_sec_context.c1
-rw-r--r--source4/heimdal/lib/gssapi/get_mic.c12
-rw-r--r--source4/heimdal/lib/gssapi/gssapi_locl.h10
-rw-r--r--source4/heimdal/lib/gssapi/init_sec_context.c2
-rwxr-xr-xsource4/heimdal/lib/gssapi/sequence.c131
-rw-r--r--source4/heimdal/lib/gssapi/wrap.c16
-rw-r--r--source4/heimdal/lib/hdb/keys.c7
-rw-r--r--source4/heimdal/lib/hdb/keytab.c4
-rw-r--r--source4/heimdal/lib/krb5/acache.c64
-rw-r--r--source4/heimdal/lib/krb5/addr_families.c3
-rw-r--r--source4/heimdal/lib/krb5/build_auth.c11
-rw-r--r--source4/heimdal/lib/krb5/cache.c5
-rw-r--r--source4/heimdal/lib/krb5/config_file.c4
-rw-r--r--source4/heimdal/lib/krb5/crypto.c6
-rw-r--r--source4/heimdal/lib/krb5/data.c3
-rw-r--r--source4/heimdal/lib/krb5/fcache.c7
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c7
-rw-r--r--source4/heimdal/lib/krb5/init_creds.c4
-rw-r--r--source4/heimdal/lib/krb5/init_creds_pw.c29
-rw-r--r--source4/heimdal/lib/krb5/keytab_any.c33
-rw-r--r--source4/heimdal/lib/krb5/keytab_file.c40
-rw-r--r--source4/heimdal/lib/krb5/keytab_keyfile.c3
-rw-r--r--source4/heimdal/lib/krb5/keytab_krb4.c13
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h14
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h2
-rw-r--r--source4/heimdal/lib/krb5/krb5_ccapi.h21
-rw-r--r--source4/heimdal/lib/krb5/krbhst.c7
-rw-r--r--source4/heimdal/lib/krb5/log.c8
-rwxr-xr-xsource4/heimdal/lib/krb5/pkinit.c1732
-rw-r--r--source4/heimdal/lib/krb5/principal.c22
-rw-r--r--source4/heimdal/lib/krb5/rd_cred.c7
-rw-r--r--source4/heimdal/lib/krb5/rd_priv.c8
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c25
-rw-r--r--source4/heimdal/lib/krb5/replay.c10
-rw-r--r--source4/heimdal/lib/krb5/send_to_kdc.c5
-rw-r--r--source4/heimdal/lib/krb5/store.c23
-rw-r--r--source4/heimdal/lib/krb5/transited.c11
-rw-r--r--source4/heimdal/lib/krb5/v4_glue.c19
-rw-r--r--source4/heimdal/lib/roken/resolve.c213
-rw-r--r--source4/heimdal/lib/roken/roken_gethostby.c4
-rw-r--r--source4/heimdal_build/config.mk1
67 files changed, 2996 insertions, 3977 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c
index 1642975616..9fcf40a4c2 100644
--- a/source4/heimdal/kdc/524.c
+++ b/source4/heimdal/kdc/524.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $");
+RCSID("$Id: 524.c,v 1.36 2006/04/07 22:12:28 lha Exp $");
#include <krb5-v4compat.h>
@@ -374,19 +374,21 @@ _kdc_do_524(krb5_context context,
/* make reply */
memset(buf, 0, sizeof(buf));
sp = krb5_storage_from_mem(buf, sizeof(buf));
- krb5_store_int32(sp, ret);
- if(ret == 0){
- krb5_store_int32(sp, kvno);
- krb5_store_data(sp, ticket.cipher);
- /* Aargh! This is coded as a KTEXT_ST. */
- krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
- krb5_store_int32(sp, 0); /* mbz */
- free_EncryptedData(&ticket);
- }
- ret = krb5_storage_to_data(sp, reply);
- reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
- krb5_storage_free(sp);
-
+ if (sp) {
+ krb5_store_int32(sp, ret);
+ if(ret == 0){
+ krb5_store_int32(sp, kvno);
+ krb5_store_data(sp, ticket.cipher);
+ /* Aargh! This is coded as a KTEXT_ST. */
+ krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
+ krb5_store_int32(sp, 0); /* mbz */
+ free_EncryptedData(&ticket);
+ }
+ ret = krb5_storage_to_data(sp, reply);
+ reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
+ krb5_storage_free(sp);
+ } else
+ krb5_data_zero(reply);
if(spn)
free(spn);
if(server)
diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c
index 069af21660..05fedeca29 100644
--- a/source4/heimdal/kdc/kaserver.c
+++ b/source4/heimdal/kdc/kaserver.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $");
+RCSID("$Id: kaserver.c,v 1.32 2006/04/02 01:54:37 lha Exp $");
#include <krb5-v4compat.h>
#include <rx.h>
@@ -453,8 +453,8 @@ do_authenticate (krb5_context context,
}
ret = _kdc_check_flags (context, config,
- &client_entry->entry, client_name,
- &server_entry->entry, server_name,
+ client_entry, client_name,
+ server_entry, server_name,
TRUE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -752,8 +752,8 @@ do_getticket (krb5_context context,
}
ret = _kdc_check_flags (context, config,
- &client_entry->entry, client_name,
- &server_entry->entry, server_name,
+ client_entry, client_name,
+ server_entry, server_name,
FALSE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h
index 729778a69e..c718b1fd52 100644
--- a/source4/heimdal/kdc/kdc-private.h
+++ b/source4/heimdal/kdc/kdc-private.h
@@ -18,9 +18,9 @@ krb5_error_code
_kdc_check_flags (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
- hdb_entry */*client*/,
+ hdb_entry_ex */*client_ex*/,
const char */*client_name*/,
- hdb_entry */*server*/,
+ hdb_entry_ex */*server_ex*/,
const char */*server_name*/,
krb5_boolean /*is_as_req*/);
@@ -118,7 +118,9 @@ _kdc_pk_initialize (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
const char */*user_id*/,
- const char */*x509_anchors*/);
+ const char */*anchors*/,
+ char **/*pool*/,
+ char **/*revoke*/);
krb5_error_code
_kdc_pk_mk_pa_reply (
diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c
index 72ea41d9e6..030405adc2 100644
--- a/source4/heimdal/kdc/kerberos4.c
+++ b/source4/heimdal/kdc/kerberos4.c
@@ -35,7 +35,7 @@
#include <krb5-v4compat.h>
-RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $");
+RCSID("$Id: kerberos4.c,v 1.57 2006/04/02 01:54:37 lha Exp $");
#ifndef swap32
static u_int32_t
@@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
- &client->entry, client_name,
- &server->entry, server_name,
+ client, client_name,
+ server, server_name,
TRUE);
if (ret) {
/* good error code? */
@@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
- &client->entry, client_name,
- &server->entry, server_name,
+ client, client_name,
+ server, server_name,
FALSE);
if (ret) {
/* good error code? */
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 3f9dcd12f8..68720d692e 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $");
+RCSID("$Id: kerberos5.c,v 1.206 2006/04/02 01:54:37 lha Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@@ -209,6 +209,50 @@ log_timestamp(krb5_context context,
type, authtime_str, starttime_str, endtime_str, renewtime_str);
}
+static void
+log_patypes(krb5_context context,
+ krb5_kdc_configuration *config,
+ METHOD_DATA *padata)
+{
+ struct rk_strpool *p = NULL;
+ char *str;
+ int i;
+
+ for (i = 0; i < padata->len; i++) {
+ switch(padata->val[i].padata_type) {
+ case KRB5_PADATA_PK_AS_REQ:
+ p = rk_strpoolprintf(p, "PK-INIT(ietf)");
+ break;
+ case KRB5_PADATA_PK_AS_REQ_WIN:
+ p = rk_strpoolprintf(p, "PK-INIT(win2k)");
+ break;
+ case KRB5_PADATA_PA_PK_OCSP_RESPONSE:
+ p = rk_strpoolprintf(p, "OCSP");
+ break;
+ case KRB5_PADATA_ENC_TIMESTAMP:
+ p = rk_strpoolprintf(p, "encrypted-timestamp");
+ break;
+ default:
+ p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type);
+ break;
+ }
+ if (p && i + 1 < padata->len)
+ p = rk_strpoolprintf(p, ", ");
+ if (p == NULL) {
+ kdc_log(context, config, 0, "out of memory");
+ return;
+ }
+ }
+ str = rk_strpoolcollect(p);
+ kdc_log(context, config, 0, "Client sent patypes: %s", str);
+ free(str);
+}
+
+/*
+ *
+ */
+
+
static krb5_error_code
encode_reply(krb5_context context,
krb5_kdc_configuration *config,
@@ -642,11 +686,13 @@ get_pa_etype_info2(krb5_context context,
krb5_error_code
_kdc_check_flags(krb5_context context,
krb5_kdc_configuration *config,
- hdb_entry *client, const char *client_name,
- hdb_entry *server, const char *server_name,
+ hdb_entry_ex *client_ex, const char *client_name,
+ hdb_entry_ex *server_ex, const char *server_name,
krb5_boolean is_as_req)
{
- if(client != NULL) {
+ if(client_ex != NULL) {
+ hdb_entry *client = &client_ex->entry;
+
/* check client */
if (client->flags.invalid) {
kdc_log(context, config, 0,
@@ -680,8 +726,8 @@ _kdc_check_flags(krb5_context context,
return KRB5KDC_ERR_NAME_EXP;
}
- if (client->pw_end && *client->pw_end < kdc_time
- && !server->flags.change_pw) {
+ if (client->pw_end && *client->pw_end < kdc_time
+ && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
char pwend_str[100];
krb5_format_time(context, *client->pw_end,
pwend_str, sizeof(pwend_str), TRUE);
@@ -694,7 +740,9 @@ _kdc_check_flags(krb5_context context,
/* check server */
- if (server != NULL) {
+ if (server_ex != NULL) {
+ hdb_entry *server = &server_ex->entry;
+
if (server->flags.invalid) {
kdc_log(context, config, 0,
"Server has invalid flag set -- %s", server_name);
@@ -762,27 +810,28 @@ check_addresses(krb5_context context,
krb5_boolean result;
krb5_boolean only_netbios = TRUE;
int i;
-
+
if(config->check_ticket_addresses == 0)
return TRUE;
- if(addresses == NULL)
+ if(addresses == NULL)
return config->allow_null_ticket_addresses;
-
+
for (i = 0; i < addresses->len; ++i) {
- if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
- only_netbios = FALSE;
- }
+ if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+ only_netbios = FALSE;
+ }
}
/* Windows sends it's netbios name, which I can only assume is
- * used for the 'allowed workstations' check. This is painful, but
- * we still want to check IP addresses if they happen to be
- * present. */
+ * used for the 'allowed workstations' check. This is painful,
+ * but we still want to check IP addresses if they happen to be
+ * present.
+ */
if(only_netbios)
return config->allow_null_ticket_addresses;
-
+
ret = krb5_sockaddr2address (context, from, &addr);
if(ret)
return FALSE;
@@ -867,8 +916,8 @@ _kdc_as_rep(krb5_context context,
}
ret = _kdc_check_flags(context, config,
- &client->entry, client_name,
- &server->entry, server_name,
+ client, client_name,
+ server, server_name,
TRUE);
if(ret)
goto out;
@@ -884,10 +933,12 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek));
if(req->padata){
- int i = 0;
+ int i;
PA_DATA *pa;
int found_pa = 0;
+ log_patypes(context, config, req->padata);
+
#ifdef PKINIT
kdc_log(context, config, 5,
"Looking for PKINIT pa-data -- %s", client_name);
@@ -1171,7 +1222,7 @@ _kdc_as_rep(krb5_context context,
if (p && i + 1 < b->etype.len)
p = rk_strpoolprintf(p, ", ");
if (p == NULL) {
- kdc_log(context, config, 0, "out of meory");
+ kdc_log(context, config, 0, "out of memory");
goto out;
}
}
@@ -2410,8 +2461,8 @@ tgs_rep2(krb5_context context,
}
ret = _kdc_check_flags(context, config,
- &client->entry, cpn,
- &server->entry, spn,
+ client, cpn,
+ server, spn,
FALSE);
if(ret)
goto out;
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 67934c0745..3f064f9d50 100755
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.59 2006/04/22 12:10:16 lha Exp $");
#ifdef PKINIT
@@ -42,25 +42,17 @@ RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $");
#include <cms_asn1.h>
#include <pkinit_asn1.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
+#include <hx509.h>
+#include "crypto-headers.h"
/* XXX copied from lib/krb5/pkinit.c */
struct krb5_pk_identity {
- EVP_PKEY *private_key;
- STACK_OF(X509) *cert;
- STACK_OF(X509) *trusted_certs;
- STACK_OF(X509_CRL) *crls;
- ENGINE *engine;
-};
-
-/* XXX copied from lib/krb5/pkinit.c */
-struct krb5_pk_cert {
- X509 *cert;
+ hx509_context hx509ctx;
+ hx509_verify_ctx verify_ctx;
+ hx509_certs certs;
+ hx509_certs anchors;
+ hx509_certs certpool;
+ hx509_revoke_ctx revoke;
};
enum pkinit_type {
@@ -71,7 +63,7 @@ enum pkinit_type {
struct pk_client_params {
enum pkinit_type type;
BIGNUM *dh_public_key;
- struct krb5_pk_cert *certificate;
+ hx509_cert cert;
unsigned nonce;
DH *dh;
EncryptionKey reply_key;
@@ -86,29 +78,6 @@ struct pk_principal_mapping {
} *val;
};
-/* XXX copied from lib/krb5/pkinit.c */
-#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
-{ \
- unsigned char *p; \
- (BL) = i2d_##T((S), NULL); \
- if ((BL) <= 0) { \
- (R) = EINVAL; \
- } else { \
- (B) = malloc((BL)); \
- if ((B) == NULL) { \
- (R) = ENOMEM; \
- } else { \
- p = (B); \
- (R) = 0; \
- (BL) = i2d_##T((S), &p); \
- if ((BL) <= 0) { \
- free((B)); \
- (R) = ASN1_OVERRUN; \
- } \
- } \
- } \
-}
-
static struct krb5_pk_identity *kdc_identity;
static struct pk_principal_mapping principal_mappings;
static struct krb5_dh_moduli **moduli;
@@ -185,59 +154,19 @@ pk_check_pkauthenticator(krb5_context context,
krb5_clear_error_string(context);
ret = KRB5KRB_ERR_GENERIC;
}
+
out:
free_Checksum(&checksum);
return ret;
}
-static krb5_error_code
-pk_encrypt_key(krb5_context context,
- krb5_keyblock *key,
- EVP_PKEY *public_key,
- krb5_data *encrypted_key,
- const heim_oid **oid)
-{
- krb5_error_code ret;
-
- encrypted_key->length = EVP_PKEY_size(public_key);
-
- if (encrypted_key->length < key->keyvalue.length + 11) { /* XXX */
- krb5_set_error_string(context, "pkinit: encrypted key too long");
- return KRB5KRB_ERR_GENERIC;
- }
-
- encrypted_key->data = malloc(encrypted_key->length);
- if (encrypted_key->data == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-
- ret = EVP_PKEY_encrypt(encrypted_key->data,
- key->keyvalue.data,
- key->keyvalue.length,
- public_key);
- if (ret < 0) {
- free(encrypted_key->data);
- krb5_set_error_string(context, "Can't encrypt key: %s",
- ERR_error_string(ERR_get_error(), NULL));
- return KRB5KRB_ERR_GENERIC;
- }
- if (encrypted_key->length != ret)
- krb5_abortx(context, "size of EVP_PKEY_size is not the "
- "size of the output");
-
- *oid = oid_id_pkcs1_rsaEncryption();
-
- return 0;
-}
-
void
_kdc_pk_free_client_param(krb5_context context,
pk_client_params *client_params)
{
- if (client_params->certificate)
- _krb5_pk_cert_free(client_params->certificate);
+ if (client_params->cert)
+ hx509_cert_free(client_params->cert);
if (client_params->dh)
DH_free(client_params->dh);
if (client_params->dh_public_key)
@@ -261,9 +190,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
memset(&key, 0, sizeof(key));
if (!DH_generate_key(client_params->dh)) {
- krb5_set_error_string(context, "Can't generate Diffie-Hellman "
- "keys (%s)",
- ERR_error_string(ERR_get_error(), NULL));
+ krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
@@ -290,8 +217,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
client_params->dh_public_key,
client_params->dh);
if (dh_gen_keylen == -1) {
- krb5_set_error_string(context, "Can't compute Diffie-Hellman key (%s)",
- ERR_error_string(ERR_get_error(), NULL));
+ krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
@@ -321,7 +247,7 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f)
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
return NULL;
}
- bn->neg = f->negative;
+ BN_set_negative(bn, f->negative);
return bn;
}
@@ -376,8 +302,7 @@ get_dh_param(krb5_context context,
dh = DH_new();
if (dh == NULL) {
- krb5_set_error_string(context, "Cannot create DH structure (%s)",
- ERR_error_string(ERR_get_error(), NULL));
+ krb5_set_error_string(context, "Cannot create DH structure");
ret = ENOMEM;
goto out;
}
@@ -413,9 +338,10 @@ get_dh_param(krb5_context context,
goto out;
}
- if (DH_check(dh, &dhret) != 1) {
- krb5_set_error_string(context, "PKINIT DH data not ok: %s",
- ERR_error_string(ERR_get_error(), NULL));
+
+ if (DH_check_pubkey(dh, client_params->dh_public_key, &dhret) != 1 ||
+ dhret != 0) {
+ krb5_set_error_string(context, "PKINIT DH data not ok");
ret = KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
goto out;
}
@@ -498,11 +424,12 @@ _kdc_pk_rd_padata(krb5_context context,
{
pk_client_params *client_params;
krb5_error_code ret;
- heim_oid eContentType = { 0, NULL };
+ heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
krb5_data eContent = { 0, NULL };
krb5_data signed_content = { 0, NULL };
const char *type = "unknown type";
const heim_oid *pa_contentType;
+ int have_data;
*ret_params = NULL;
@@ -520,7 +447,7 @@ _kdc_pk_rd_padata(krb5_context context,
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
PA_PK_AS_REQ_Win2k r;
- ContentInfo info;
+ int have_data;
type = "PK-INIT-Win2k";
pa_contentType = oid_id_pkcs7_data();
@@ -535,47 +462,20 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
- ret = decode_ContentInfo(r.signed_auth_pack.data,
- r.signed_auth_pack.length, &info, NULL);
+ ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
+ &contentInfoOid,
+ &signed_content,
+ &have_data);
free_PA_PK_AS_REQ_Win2k(&r);
if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
goto out;
}
- if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) {
- krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
- "type oid");
- free_ContentInfo(&info);
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
-
- if (info.content == NULL) {
- krb5_set_error_string(context,
- "PK-AS-REQ-Win2k no signed auth pack");
- free_ContentInfo(&info);
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
-
- signed_content.data = malloc(info.content->length);
- if (signed_content.data == NULL) {
- ret = ENOMEM;
- free_ContentInfo(&info);
- krb5_set_error_string(context, "PK-AS-REQ-Win2k out of memory");
- goto out;
- }
- signed_content.length = info.content->length;
- memcpy(signed_content.data, info.content->data, signed_content.length);
-
- free_ContentInfo(&info);
-
} else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
PA_PK_AS_REQ r;
- ContentInfo info;
- type = "PK-INIT-27";
+ type = "PK-INIT-IETF";
pa_contentType = oid_id_pkauthdata();
ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
@@ -587,43 +487,17 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
- ret = decode_ContentInfo(r.signedAuthPack.data,
- r.signedAuthPack.length, &info, NULL);
- if (ret) {
- krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
- goto out;
- }
-
- if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) {
- krb5_set_error_string(context, "PK-AS-REQ invalid content "
- "type oid");
- free_ContentInfo(&info);
- free_PA_PK_AS_REQ(&r);
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
-
- if (info.content == NULL) {
- krb5_set_error_string(context, "PK-AS-REQ no signed auth pack");
- free_PA_PK_AS_REQ(&r);
- free_ContentInfo(&info);
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
+ /* XXX look at r.trustedCertifiers and r.kdcPkId */
- signed_content.data = malloc(info.content->length);
- if (signed_content.data == NULL) {
- ret = ENOMEM;
- free_ContentInfo(&info);
- free_PA_PK_AS_REQ(&r);
- krb5_set_error_string(context, "PK-AS-REQ out of memory");
+ ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
+ &contentInfoOid,
+ &signed_content,
+ &have_data);
+ free_PA_PK_AS_REQ(&r);
+ if (ret) {
+ krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
goto out;
}
- signed_content.length = info.content->length;
- memcpy(signed_content.data, info.content->data, signed_content.length);
-
- free_ContentInfo(&info);
- free_PA_PK_AS_REQ(&r);
} else {
krb5_clear_error_string(context);
@@ -631,24 +505,51 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
- ret = _krb5_pk_verify_sign(context,
- signed_content.data,
- signed_content.length,
- kdc_identity,
- &eContentType,
- &eContent,
- &client_params->certificate);
- if (ret)
+ ret = heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
+ if (ret != 0) {
+ krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
+ "type oid");
+ ret = KRB5KRB_ERR_GENERIC;
+ goto out;
+ }
+
+ if (!have_data) {
+ krb5_set_error_string(context,
+ "PK-AS-REQ-Win2k no signed auth pack");
+ ret = KRB5KRB_ERR_GENERIC;
goto out;
+ }
+
+ {
+ hx509_certs signer_certs;
+
+ ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
+ kdc_identity->verify_ctx,
+ signed_content.data,
+ signed_content.length,
+ kdc_identity->certpool,
+ &eContentType,
+ &eContent,
+ &signer_certs);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "PK-INIT failed to verify signature %d", ret);
+ goto out;
+ }
+
+ ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
+ &client_params->cert);
+ hx509_certs_free(&signer_certs);
+ if (ret)
+ goto out;
+ }
-#if 0
/* Signature is correct, now verify the signed message */
if (heim_oid_cmp(&eContentType, pa_contentType)) {
krb5_set_error_string(context, "got wrong oid for pkauthdata");
ret = KRB5_BADMSGTYPE;
goto out;
}
-#endif
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
AuthPack_Win2k ap;
@@ -716,19 +617,15 @@ _kdc_pk_rd_padata(krb5_context context,
} else
krb5_abortx(context, "internal pkinit error");
- /*
- * Remaining fields (ie kdcCert and encryptionCert) in the request
- * are ignored for now.
- */
-
kdc_log(context, config, 0, "PK-INIT request of type %s", type);
- out:
+out:
if (signed_content.data)
free(signed_content.data);
krb5_data_free(&eContent);
free_oid(&eContentType);
+ free_oid(&contentInfoOid);
if (ret)
_kdc_pk_free_client_param(context, client_params);
else
@@ -750,7 +647,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
return ENOMEM;
}
BN_bn2bin(bn, integer->data);
- integer->negative = bn->neg;
+ integer->negative = BN_is_negative(bn);
return 0;
}
@@ -762,78 +659,11 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_keyblock *reply_key,
ContentInfo *content_info)
{
- KeyTransRecipientInfo *ri;
- EnvelopedData ed;
krb5_error_code ret;
- krb5_crypto crypto = NULL;
- krb5_data buf, sd_data, enc_sd_data, iv, params;
- krb5_keyblock tmp_key;
- krb5_enctype enveloped_enctype;
- X509_NAME *issuer_name;
- heim_integer *serial;
+ krb5_data buf, o;
size_t size;
- AlgorithmIdentifier *enc_alg;
- int i;
-
- krb5_data_zero(&enc_sd_data);
- krb5_data_zero(&sd_data);
- krb5_data_zero(&iv);
-
- memset(&tmp_key, 0, sizeof(tmp_key));
- memset(&ed, 0, sizeof(ed));
-
- /* default to DES3 if client doesn't tell us */
- enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS;
-
- for (i = 0; i < req->req_body.etype.len; i++) {
- switch(req->req_body.etype.val[i]) {
- case 15: /* des-ede3-cbc-Env-OID */
- enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS;
- break;
- default:
- break;
- }
- }
-
- ret = krb5_generate_random_keyblock(context, enveloped_enctype, &tmp_key);
- if (ret)
- goto out;
- ret = krb5_crypto_init(context, &tmp_key, 0, &crypto);
- if (ret)
- goto out;
-
-
- ret = krb5_crypto_getblocksize(context, crypto, &iv.length);
- if (ret)
- goto out;
-
- ret = krb5_data_alloc(&iv, iv.length);
- if (ret) {
- krb5_set_error_string(context, "malloc out of memory");
- goto out;
- }
-
- krb5_generate_random_block(iv.data, iv.length);
-
- enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-
- ret = krb5_enctype_to_oid(context, enveloped_enctype, &enc_alg->algorithm);
- if (ret)
- goto out;
-
- ret = krb5_crypto_set_params(context, crypto, &iv, &params);
- if (ret)
- goto out;
-
- ALLOC(enc_alg->parameters);
- if (enc_alg->parameters == NULL) {
- krb5_data_free(&params);
- krb5_set_error_string(context, "malloc out of memory");
- return ENOMEM;
- }
- enc_alg->parameters->data = params.data;
- enc_alg->parameters->length = params.length;
+ krb5_data_zero(&buf);
switch (client_params->type) {
case PKINIT_COMPAT_WIN2K: {
@@ -897,139 +727,21 @@ pk_mk_pa_reply_enckey(krb5_context context,
if (buf.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
- /*
- * CRL's are not transfered -- should be ?
- */
-
- ret = _krb5_pk_create_sign(context,
- oid_id_pkrkeydata(),
- &buf,
- kdc_identity,
- &sd_data);
- krb5_data_free(&buf);
- if (ret)
- goto out;
-
- ret = krb5_encrypt_ivec(context, crypto, 0,
- sd_data.data, sd_data.length,
- &enc_sd_data,
- iv.data);
-
- ALLOC_SEQ(&ed.recipientInfos, 1);
- if (ed.recipientInfos.val == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
-
- ri = &ed.recipientInfos.val[0];
-
- ri->version = 0;
- ri->rid.element = choice_CMSIdentifier_issuerAndSerialNumber;
-
- issuer_name = X509_get_issuer_name(client_params->certificate->cert);
- OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, buf.data, buf.length,
- issuer_name, ret);
- if (ret) {
- krb5_clear_error_string(context);
- goto out;
- }
- ret = decode_Name(buf.data, buf.length,
- &ri->rid.u.issuerAndSerialNumber.issuer,
- NULL);
- free(buf.data);
- if (ret) {
- krb5_set_error_string(context, "pkinit: failed to parse Name");
- goto out;
- }
-
- serial = &ri->rid.u.issuerAndSerialNumber.serialNumber;
- {
- ASN1_INTEGER *isn;
- BIGNUM *bn;
-
- isn = X509_get_serialNumber(client_params->certificate->cert);
- bn = ASN1_INTEGER_to_BN(isn, NULL);
- if (bn == NULL) {
- ret = ENOMEM;
- krb5_clear_error_string(context);
- goto out;
- }
- ret = BN_to_integer(context, bn, serial);
- BN_free(bn);
- if (ret) {
- krb5_clear_error_string(context);
- goto out;
- }
- }
-
- {
- const heim_oid *pk_enc_key_oid;
- krb5_data enc_tmp_key;
-
- ret = pk_encrypt_key(context, &tmp_key,
- X509_get_pubkey(client_params->certificate->cert),
- &enc_tmp_key,
- &pk_enc_key_oid);
- if (ret)
- goto out;
-
- ri->encryptedKey.length = enc_tmp_key.length;
- ri->encryptedKey.data = enc_tmp_key.data;
-
- ret = copy_oid(pk_enc_key_oid, &ri->keyEncryptionAlgorithm.algorithm);
- if (ret)
- goto out;
- }
-
- /*
- *
- */
-
- ed.version = 0;
- ed.originatorInfo = NULL;
-
- ret = copy_oid(oid_id_pkcs7_signedData(), &ed.encryptedContentInfo.contentType);
- if (ret) {
- krb5_clear_error_string(context);
- goto out;
- }
-
- ALLOC(ed.encryptedContentInfo.encryptedContent);
- if (ed.encryptedContentInfo.encryptedContent == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
-
- ed.encryptedContentInfo.encryptedContent->data = enc_sd_data.data;
- ed.encryptedContentInfo.encryptedContent->length = enc_sd_data.length;
- krb5_data_zero(&enc_sd_data);
-
- ed.unprotectedAttrs = NULL;
-
- ASN1_MALLOC_ENCODE(EnvelopedData, buf.data, buf.length, &ed, &size, ret);
- if (ret) {
- krb5_set_error_string(context,
- "ASN.1 encoding of EnvelopedData failed (%d)",
- ret);
+ ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
+ client_params->cert,
+ buf.data, buf.length, NULL,
+ oid_id_pkcs7_signedData(), &o);
+ if (ret)
goto out;
- }
-
+
ret = _krb5_pk_mk_ContentInfo(context,
- &buf,
+ &o,
oid_id_pkcs7_envelopedData(),
content_info);
- krb5_data_free(&buf);
+ free_octet_string(&o);
out:
- if (crypto)
- krb5_crypto_destroy(context, crypto);
- krb5_free_keyblock_contents(context, &tmp_key);
- krb5_data_free(&enc_sd_data);
- krb5_data_free(&iv);
- free_EnvelopedData(&ed);
-
+ krb5_data_free(&buf);
return ret;
}
@@ -1044,37 +756,32 @@ pk_mk_pa_reply_dh(krb5_context context,
krb5_keyblock *reply_key,
ContentInfo *content_info)
{
- ASN1_INTEGER *dh_pub_key = NULL;
- ContentInfo contentinfo;
KDCDHKeyInfo dh_info;
+ krb5_data signed_data, buf;
+ ContentInfo contentinfo;
krb5_error_code ret;
- SignedData sd;
- krb5_data buf, signed_data;
size_t size;
+ heim_integer i;
memset(&contentinfo, 0, sizeof(contentinfo));
memset(&dh_info, 0, sizeof(dh_info));
- memset(&sd, 0, sizeof(sd));
krb5_data_zero(&buf);
krb5_data_zero(&signed_data);
- dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL);
- if (dh_pub_key == NULL) {
- krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)",
- ERR_error_string(ERR_get_error(), NULL));
- ret = ENOMEM;
- goto out;
- }
+ ret = BN_to_integer(context, kdc_dh->pub_key, &i);
+ if (ret)
+ return ret;
- OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, buf.data, buf.length, dh_pub_key,
- ret);
- ASN1_INTEGER_free(dh_pub_key);
+ ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
if (ret) {
- krb5_set_error_string(context, "Encoding of ASN1_INTEGER failed (%s)",
- ERR_error_string(ERR_get_error(), NULL));
- goto out;
+ krb5_set_error_string(context, "ASN.1 encoding of "
+ "DHPublicKey failed (%d)", ret);
+ krb5_clear_error_string(context);
+ return ret;
}
-
+ if (buf.length != size)
+ krb5_abortx(context, "Internal ASN.1 encoder error");
+
dh_info.subjectPublicKey.length = buf.length * 8;
dh_info.subjectPublicKey.data = buf.data;
@@ -1095,12 +802,36 @@ pk_mk_pa_reply_dh(krb5_context context,
* filled in above
*/
- ret = _krb5_pk_create_sign(context,
- oid_id_pkdhkeydata(),
- &buf,
- kdc_identity,
- &signed_data);
- krb5_data_free(&buf);
+ {
+ hx509_cert cert;
+ hx509_query *q;
+
+ ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
+ if (ret)
+ goto out;
+
+ hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+ hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+
+ ret = hx509_certs_find(kdc_identity->hx509ctx,
+ kdc_identity->certs,
+ q,
+ &cert);
+ hx509_query_free(kdc_identity->hx509ctx, q);
+ if (ret)
+ goto out;
+
+ ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
+ oid_id_pkdhkeydata(),
+ buf.data,
+ buf.length,
+ NULL,
+ cert,
+ kdc_identity->anchors,
+ kdc_identity->certpool,
+ &signed_data);
+ hx509_cert_free(cert);
+ }
if (ret)
goto out;
@@ -1112,6 +843,7 @@ pk_mk_pa_reply_dh(krb5_context context,
goto out;
out:
+ krb5_data_free(&buf);
krb5_data_free(&signed_data);
free_KDCDHKeyInfo(&dh_info);
@@ -1322,62 +1054,59 @@ _kdc_pk_mk_pa_reply(krb5_context context,
static int
pk_principal_from_X509(krb5_context context,
krb5_kdc_configuration *config,
- struct krb5_pk_cert *client_cert,
- krb5_principal *principal)
+ hx509_cert client_cert,
+ krb5_const_principal match)
{
- krb5_error_code ret;
- GENERAL_NAMES *gens;
- GENERAL_NAME *gen;
- ASN1_OBJECT *obj;
- int i;
+ hx509_octet_string_list list;
+ int ret, i, found = 0;
- *principal = NULL;
+ memset(&list, 0 , sizeof(list));
- obj = OBJ_txt2obj("1.3.6.1.5.2.2",1);
-
- gens = X509_get_ext_d2i(client_cert->cert, NID_subject_alt_name,
- NULL, NULL);
- if (gens == NULL)
- return 1;
+ ret = hx509_cert_find_subjectAltName_otherName(client_cert,
+ oid_id_pkinit_san(),
+ &list);
+ if (ret)
+ goto out;
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ for (i = 0; !found && i < list.len; i++) {
+ krb5_principal_data principal;
KRB5PrincipalName kn;
- size_t len, size;
- void *p;
-
- gen = sk_GENERAL_NAME_value(gens, i);
- if (gen->type != GEN_OTHERNAME)
- continue;
-
- if(OBJ_cmp(obj, gen->d.otherName->type_id) != 0)
- continue;
-
- p = ASN1_STRING_data(gen->d.otherName->value->value.sequence);
- len = ASN1_STRING_length(gen->d.otherName->value->value.sequence);
+ size_t size;
- ret = decode_KRB5PrincipalName(p, len, &kn, &size);
+ ret = decode_KRB5PrincipalName(list.val[i].data,
+ list.val[i].length,
+ &kn, &size);
if (ret) {
kdc_log(context, config, 0,
"Decoding kerberos name in certificate failed: %s",
krb5_get_err_text(context, ret));
- continue;
+ break;
}
-
- *principal = malloc(sizeof(**principal));
- if (*principal == NULL) {
- free_KRB5PrincipalName(&kn);
- return 1;
+ if (size != list.val[i].length) {
+ kdc_log(context, config, 0,
+ "Decoding kerberos name have extra bits on the end");
+ return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
}
- (*principal)->name = kn.principalName;
- (*principal)->realm = kn.realm;
- return 0;
+ principal.name = kn.principalName;
+ principal.realm = kn.realm;
+
+ if (krb5_principal_compare(context, &principal, match) == TRUE)
+ found = 1;
+ free_KRB5PrincipalName(&kn);
}
- return 1;
-}
+out:
+ hx509_free_octet_string_list(&list);
+ if (ret)
+ return ret;
+
+ if (!found)
+ return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+
+ return 0;
+}
-/* XXX match with issuer too ? */
krb5_error_code
_kdc_pk_check_client(krb5_context context,
@@ -1387,45 +1116,34 @@ _kdc_pk_check_client(krb5_context context,
pk_client_params *client_params,
char **subject_name)
{
- struct krb5_pk_cert *client_cert = client_params->certificate;
- krb5_principal cert_princ;
- X509_NAME *name;
- char *subject = NULL;
krb5_error_code ret;
- krb5_boolean b;
+ hx509_name name;
int i;
- *subject_name = NULL;
-
- name = X509_get_subject_name(client_cert->cert);
- if (name == NULL) {
- krb5_set_error_string(context, "PKINIT can't get subject name");
- return ENOMEM;
- }
- subject = X509_NAME_oneline(name, NULL, 0);
- if (subject == NULL) {
- krb5_set_error_string(context, "PKINIT can't get subject name");
- return ENOMEM;
- }
- *subject_name = strdup(subject);
- if (*subject_name == NULL) {
- krb5_set_error_string(context, "out of memory");
- return ENOMEM;
- }
- OPENSSL_free(subject);
-
if (config->enable_pkinit_princ_in_cert) {
ret = pk_principal_from_X509(context, config,
- client_cert, &cert_princ);
- if (ret == 0) {
- b = krb5_principal_compare(context, client_princ, cert_princ);
- krb5_free_principal(context, cert_princ);
- if (b == TRUE)
- return 0;
- }
+ client_params->cert,
+ client_princ);
+ if (ret == 0)
+ return 0;
}
+ ret = hx509_cert_get_subject(client_params->cert, &name);
+ if (ret)
+ return ret;
+
+ ret = hx509_name_to_string(name, subject_name);
+ hx509_name_free(&name);
+ if (ret)
+ return ret;
+
+ kdc_log(context, config, 5,
+ "Trying to authorize subject DN %s",
+ *subject_name);
+
for (i = 0; i < principal_mappings.len; i++) {
+ krb5_boolean b;
+
b = krb5_principal_compare(context,
client_princ,
principal_mappings.val[i].principal);
@@ -1436,6 +1154,7 @@ _kdc_pk_check_client(krb5_context context,
return 0;
}
free(*subject_name);
+
*subject_name = NULL;
krb5_set_error_string(context, "PKINIT no matching principals");
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
@@ -1477,7 +1196,9 @@ krb5_error_code
_kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config,
const char *user_id,
- const char *x509_anchors)
+ const char *anchors,
+ char **pool,
+ char **revoke)
{
const char *file;
krb5_error_code ret;
@@ -1495,13 +1216,15 @@ _kdc_pk_initialize(krb5_context context,
principal_mappings.len = 0;
principal_mappings.val = NULL;
- ret = _krb5_pk_load_openssl_id(context,
- &kdc_identity,
- user_id,
- x509_anchors,
- NULL,
- NULL,
- NULL);
+ ret = _krb5_pk_load_id(context,
+ &kdc_identity,
+ user_id,
+ anchors,
+ pool,
+ revoke,
+ NULL,
+ NULL,
+ NULL);
if (ret) {
krb5_warn(context, ret, "PKINIT: failed to load");
config->enable_pkinit = 0;
diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1
index 5c8b71da1a..78873761b6 100644
--- a/source4/heimdal/lib/asn1/CMS.asn1
+++ b/source4/heimdal/lib/asn1/CMS.asn1
@@ -1,5 +1,5 @@
-- From RFC 3369 --
--- $Id: CMS.asn1,v 1.3 2005/07/23 10:37:13 lha Exp $ --
+-- $Id: CMS.asn1,v 1.4 2006/04/15 10:53:25 lha Exp $ --
CMS DEFINITIONS ::= BEGIN
@@ -142,7 +142,7 @@ EnvelopedData ::= SEQUENCE {
-- Data ::= OCTET STRING
CMSRC2CBCParameter ::= SEQUENCE {
- rc2ParameterVersion INTEGER,
+ rc2ParameterVersion INTEGER (0..4294967295),
iv OCTET STRING -- exactly 8 octets
}
diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1
index 7d012ed6f8..057f571bac 100644
--- a/source4/heimdal/lib/asn1/canthandle.asn1
+++ b/source4/heimdal/lib/asn1/canthandle.asn1
@@ -1,4 +1,4 @@
--- $Id: canthandle.asn1,v 1.5 2005/08/11 14:07:21 lha Exp $ --
+-- $Id: canthandle.asn1,v 1.6 2006/01/18 19:12:33 lha Exp $ --
CANTHANDLE DEFINITIONS ::= BEGIN
@@ -31,10 +31,4 @@ Bar ::= SEQUENCE {
Baz ::= SET OF INTEGER
--- Allocation is done on CONTEXT tags.
-
-Alloc ::= SEQUENCE {
- a heim_any OPTIONAL
-}
-
END
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index 2a6fecebbb..3d7c3983ac 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -33,7 +33,7 @@
#include "gen_locl.h"
-RCSID("$Id: gen.c,v 1.65 2006/03/08 12:29:34 lha Exp $");
+RCSID("$Id: gen.c,v 1.67 2006/03/31 02:52:21 lha Exp $");
FILE *headerfile, *codefile, *logfile;
@@ -62,6 +62,8 @@ add_import (const char *module)
tmp->module = module;
tmp->next = imports;
imports = tmp;
+
+ fprintf (headerfile, "#include <%s_asn1.h>\n", module);
}
const char *
@@ -223,7 +225,6 @@ gen_compare_defval(const char *var, struct value *val)
static void
generate_header_of_codefile(const char *name)
{
- struct import *i;
char *filename;
if (codefile != NULL)
@@ -248,10 +249,6 @@ generate_header_of_codefile(const char *name)
"#include <krb5-types.h>\n",
orig_filename);
- for (i = imports; i != NULL; i = i->next)
- fprintf (codefile,
- "#include <%s_asn1.h>\n",
- i->module);
fprintf (codefile,
"#include <%s.h>\n",
headerbase);
diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c
index 7926541c19..f03d6b856b 100644
--- a/source4/heimdal/lib/asn1/hash.c
+++ b/source4/heimdal/lib/asn1/hash.c
@@ -37,7 +37,7 @@
#include "gen_locl.h"
-RCSID("$Id: hash.c,v 1.10 2005/07/12 06:27:30 lha Exp $");
+RCSID("$Id: hash.c,v 1.11 2006/04/07 22:16:00 lha Exp $");
static Hashentry *_search(Hashtab * htab, /* The hash table */
void *ptr); /* And key */
@@ -53,17 +53,16 @@ hashtabnew(int sz,
assert(sz > 0);
htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *));
+ if (htab == NULL)
+ return NULL;
+
for (i = 0; i < sz; ++i)
htab->tab[i] = NULL;
- if (htab == NULL) {
- return NULL;
- } else {
- htab->cmp = cmp;
- htab->hash = hash;
- htab->sz = sz;
- return htab;
- }
+ htab->cmp = cmp;
+ htab->hash = hash;
+ htab->sz = sz;
+ return htab;
}
/* Intern search function */
diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1
index aa3e0b806d..e314adee0e 100644
--- a/source4/heimdal/lib/asn1/k5.asn1
+++ b/source4/heimdal/lib/asn1/k5.asn1
@@ -1,4 +1,4 @@
--- $Id: k5.asn1,v 1.46 2005/08/22 19:09:25 lha Exp $
+-- $Id: k5.asn1,v 1.47 2006/03/27 22:52:11 lha Exp $
KERBEROS5 DEFINITIONS ::=
BEGIN
@@ -56,6 +56,7 @@ PADATA-TYPE ::= INTEGER {
KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number)
KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
+ KRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
KRB5-PADATA-ETYPE-INFO2(19),
KRB5-PADATA-USE-SPECIFIED-KVNO(20),
KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c
index 3e58650685..b4814f073f 100644
--- a/source4/heimdal/lib/asn1/lex.c
+++ b/source4/heimdal/lib/asn1/lex.c
@@ -1,85 +1,32 @@
+/* A lexical scanner generated by flex*/
-#line 3 "lex.yy.c"
-
-#define YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
+/* Scanner skeleton version:
+ * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $
+ */
#define FLEX_SCANNER
#define YY_FLEX_MAJOR_VERSION 2
#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 31
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with platform-specific or compiler-specific issues. */
-/* begin standard C headers. */
#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+#include <unistd.h>
-#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t;
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX (65535U)
+/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+#ifdef c_plusplus
+#ifndef __cplusplus
+#define __cplusplus
#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX (4294967295U)
#endif
-#endif /* ! FLEXINT_H */
#ifdef __cplusplus
+#include <stdlib.h>
+
+/* Use prototypes in function declarations. */
+#define YY_USE_PROTOS
+
/* The "const" storage-class-modifier is valid. */
#define YY_USE_CONST
@@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t;
#if __STDC__
+#define YY_USE_PROTOS
#define YY_USE_CONST
#endif /* __STDC__ */
#endif /* ! __cplusplus */
+#ifdef __TURBOC__
+ #pragma warn -rch
+ #pragma warn -use
+#include <io.h>
+#include <stdlib.h>
+#define YY_USE_CONST
+#define YY_USE_PROTOS
+#endif
+
#ifdef YY_USE_CONST
#define yyconst const
#else
#define yyconst
#endif
+
+#ifdef YY_USE_PROTOS
+#define YY_PROTO(proto) proto
+#else
+#define YY_PROTO(proto) ()
+#endif
+
/* Returned upon end-of-file. */
#define YY_NULL 0
@@ -112,71 +76,80 @@ typedef unsigned int flex_uint32_t;
* but we do it the disgusting crufty way forced on us by the ()-less
* definition of BEGIN.
*/
-#define BEGIN (yy_start) = 1 + 2 *
+#define BEGIN yy_start = 1 + 2 *
/* Translate the current start state into a value that can be later handed
* to BEGIN to return to the state. The YYSTATE alias is for lex
* compatibility.
*/
-#define YY_START (((yy_start) - 1) / 2)
+#define YY_START ((yy_start - 1) / 2)
#define YYSTATE YY_START
/* Action number for EOF rule of a given start state. */
#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin )
+#define YY_NEW_FILE yyrestart( yyin )
#define YY_END_OF_BUFFER_CHAR 0
/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
#define YY_BUF_SIZE 16384
-#endif
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
extern int yyleng;
-
extern FILE *yyin, *yyout;
#define EOB_ACT_CONTINUE_SCAN 0
#define EOB_ACT_END_OF_FILE 1
#define EOB_ACT_LAST_MATCH 2
- #define YY_LESS_LINENO(n)
-
-/* Return all but the first "n" matched characters back to the input stream. */
+/* The funky do-while in the following #define is used to turn the definition
+ * int a single C statement (which needs a semi-colon terminator). This
+ * avoids problems with code like:
+ *
+ * if ( condition_holds )
+ * yyless( 5 );
+ * else
+ * do_something_else();
+ *
+ * Prior to using the do-while the compiler would get upset at the
+ * "else" because it interpreted the "if" statement as being all
+ * done when it reached the ';' after the yyless() call.
+ */
+
+/* Return all but the first 'n' matched characters back to the input stream. */
+
#define yyless(n) \
do \
{ \
/* Undo effects of setting up yytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- *yy_cp = (yy_hold_char); \
+ *yy_cp = yy_hold_char; \
YY_RESTORE_YY_MORE_OFFSET \
- (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
YY_DO_BEFORE_ACTION; /* set up yytext again */ \
} \
while ( 0 )
-#define unput(c) yyunput( c, (yytext_ptr) )
+#define unput(c) yyunput( c, yytext_ptr )
+
+/* Some routines like yy_flex_realloc() are emitted as static but are
+ not called by all lexers. This generates warnings in some compilers,
+ notably GCC. Arrange to suppress these. */
+#ifdef __GNUC__
+#define YY_MAY_BE_UNUSED __attribute__((unused))
+#else
+#define YY_MAY_BE_UNUSED
+#endif
/* The following is because we cannot portably get our hands on size_t
* (without autoconf's help, which isn't available because we want
* flex-generated scanners to compile on their own).
*/
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
typedef unsigned int yy_size_t;
-#endif
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
+
struct yy_buffer_state
{
FILE *yy_input_file;
@@ -213,16 +186,12 @@ struct yy_buffer_state
*/
int yy_at_bol;
- int yy_bs_lineno; /**< The line count. */
- int yy_bs_column; /**< The column count. */
-
/* Whether to try to fill the input buffer when we reach the
* end of it.
*/
int yy_fill_buffer;
int yy_buffer_status;
-
#define YY_BUFFER_NEW 0
#define YY_BUFFER_NORMAL 1
/* When an EOF's been seen but there's still some text to process
@@ -236,33 +205,23 @@ struct yy_buffer_state
* just pointing yyin at a new input file.
*/
#define YY_BUFFER_EOF_PENDING 2
-
};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+static YY_BUFFER_STATE yy_current_buffer = 0;
/* We provide macros for accessing buffer states in case in the
* future we want to put the buffer states in a more general
* "scanner state".
- *
- * Returns the top of the stack, or NULL.
*/
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
- ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
- : NULL)
+#define YY_CURRENT_BUFFER yy_current_buffer
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
/* yy_hold_char holds the character lost when yytext is formed. */
static char yy_hold_char;
+
static int yy_n_chars; /* number of characters read into yy_ch_buf */
+
+
int yyleng;
/* Points to current character in buffer. */
@@ -275,92 +234,66 @@ static int yy_start = 0; /* start state number */
*/
static int yy_did_buffer_switch_on_eof;
-void yyrestart (FILE *input_file );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size );
-void yy_delete_buffer (YY_BUFFER_STATE b );
-void yy_flush_buffer (YY_BUFFER_STATE b );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file );
+void yyrestart YY_PROTO(( FILE *input_file ));
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
+void yy_load_buffer_state YY_PROTO(( void ));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
+void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
+void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len );
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
+YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
-void *yyalloc (yy_size_t );
-void *yyrealloc (void *,yy_size_t );
-void yyfree (void * );
+static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
+static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED;
+static void yy_flex_free YY_PROTO(( void * ));
#define yy_new_buffer yy_create_buffer
#define yy_set_interactive(is_interactive) \
{ \
- if ( ! YY_CURRENT_BUFFER ){ \
- yyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- yy_create_buffer(yyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+ if ( ! yy_current_buffer ) \
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ yy_current_buffer->yy_is_interactive = is_interactive; \
}
#define yy_set_bol(at_bol) \
{ \
- if ( ! YY_CURRENT_BUFFER ){\
- yyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- yy_create_buffer(yyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+ if ( ! yy_current_buffer ) \
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ yy_current_buffer->yy_at_bol = at_bol; \
}
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
+#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
typedef unsigned char YY_CHAR;
-
FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
extern char *yytext;
#define yytext_ptr yytext
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[] );
+static yy_state_type yy_get_previous_state YY_PROTO(( void ));
+static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
+static int yy_get_next_buffer YY_PROTO(( void ));
+static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
/* Done after the current pattern has been matched and before the
* corresponding action - sets up yytext.
*/
#define YY_DO_BEFORE_ACTION \
- (yytext_ptr) = yy_bp; \
- yyleng = (size_t) (yy_cp - yy_bp); \
- (yy_hold_char) = *yy_cp; \
+ yytext_ptr = yy_bp; \
+ yyleng = (int) (yy_cp - yy_bp); \
+ yy_hold_char = *yy_cp; \
*yy_cp = '\0'; \
- (yy_c_buf_p) = yy_cp;
+ yy_c_buf_p = yy_cp;
#define YY_NUM_RULES 95
#define YY_END_OF_BUFFER 96
-/* This struct is not used in this scanner,
- but its presence is necessary. */
-struct yy_trans_info
- {
- flex_int32_t yy_verify;
- flex_int32_t yy_nxt;
- };
-static yyconst flex_int16_t yy_accept[568] =
+static yyconst short int yy_accept[568] =
{ 0,
0, 0, 96, 94, 90, 91, 87, 81, 81, 94,
94, 88, 88, 94, 89, 89, 89, 89, 89, 89,
@@ -426,7 +359,7 @@ static yyconst flex_int16_t yy_accept[568] =
32, 89, 59, 70, 77, 53, 0
} ;
-static yyconst flex_int32_t yy_ec[256] =
+static yyconst int yy_ec[256] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -458,7 +391,7 @@ static yyconst flex_int32_t yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst flex_int32_t yy_meta[70] =
+static yyconst int yy_meta[70] =
{ 0,
1, 1, 1, 1, 1, 1, 2, 1, 1, 3,
3, 3, 3, 3, 3, 3, 1, 1, 3, 3,
@@ -469,7 +402,7 @@ static yyconst flex_int32_t yy_meta[70] =
2, 2, 2, 2, 2, 2, 2, 2, 2
} ;
-static yyconst flex_int16_t yy_base[570] =
+static yyconst short int yy_base[570] =
{ 0,
0, 0, 636, 637, 637, 637, 637, 637, 63, 627,
628, 70, 77, 616, 74, 72, 76, 609, 65, 81,
@@ -535,7 +468,7 @@ static yyconst flex_int16_t yy_base[570] =
0, 101, 0, 0, 0, 0, 637, 223, 69
} ;
-static yyconst flex_int16_t yy_def[570] =
+static yyconst short int yy_def[570] =
{ 0,
567, 1, 567, 567, 567, 567, 567, 567, 567, 567,
567, 567, 567, 567, 568, 568, 568, 568, 568, 568,
@@ -601,7 +534,7 @@ static yyconst flex_int16_t yy_def[570] =
568, 568, 568, 568, 568, 568, 0, 567, 567
} ;
-static yyconst flex_int16_t yy_nxt[707] =
+static yyconst short int yy_nxt[707] =
{ 0,
4, 5, 6, 7, 8, 4, 9, 10, 11, 12,
13, 13, 13, 13, 13, 13, 14, 4, 15, 16,
@@ -683,7 +616,7 @@ static yyconst flex_int16_t yy_nxt[707] =
567, 567, 567, 567, 567, 567
} ;
-static yyconst flex_int16_t yy_chk[707] =
+static yyconst short int yy_chk[707] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -768,9 +701,6 @@ static yyconst flex_int16_t yy_chk[707] =
static yy_state_type yy_last_accepting_state;
static char *yy_last_accepting_cpos;
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
/* The intent behind this definition is that it'll catch
* any uses of REJECT which flex missed.
*/
@@ -780,6 +710,7 @@ int yy_flex_debug = 0;
#define YY_RESTORE_YY_MORE_OFFSET
char *yytext;
#line 1 "lex.l"
+#define INITIAL 0
#line 2 "lex.l"
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
@@ -838,21 +769,7 @@ static unsigned lineno = 1;
static void unterminated(const char *, unsigned);
-#line 842 "lex.yy.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
+#line 773 "lex.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
@@ -860,30 +777,65 @@ static void unterminated(const char *, unsigned);
#ifndef YY_SKIP_YYWRAP
#ifdef __cplusplus
-extern "C" int yywrap (void );
+extern "C" int yywrap YY_PROTO(( void ));
#else
-extern int yywrap (void );
+extern int yywrap YY_PROTO(( void ));
#endif
#endif
- static void yyunput (int c,char *buf_ptr );
-
+#ifndef YY_NO_UNPUT
+static void yyunput YY_PROTO(( int c, char *buf_ptr ));
+#endif
+
#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
+static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
#endif
#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
+static int yy_flex_strlen YY_PROTO(( yyconst char * ));
#endif
#ifndef YY_NO_INPUT
-
#ifdef __cplusplus
-static int yyinput (void );
+static int yyinput YY_PROTO(( void ));
#else
-static int input (void );
+static int input YY_PROTO(( void ));
+#endif
+#endif
+
+#if YY_STACK_USED
+static int yy_start_stack_ptr = 0;
+static int yy_start_stack_depth = 0;
+static int *yy_start_stack = 0;
+#ifndef YY_NO_PUSH_STATE
+static void yy_push_state YY_PROTO(( int new_state ));
+#endif
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state YY_PROTO(( void ));
+#endif
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state YY_PROTO(( void ));
#endif
+#else
+#define YY_NO_PUSH_STATE 1
+#define YY_NO_POP_STATE 1
+#define YY_NO_TOP_STATE 1
+#endif
+
+#ifdef YY_MALLOC_DECL
+YY_MALLOC_DECL
+#else
+#if __STDC__
+#ifndef __cplusplus
+#include <stdlib.h>
+#endif
+#else
+/* Just try to get by without declaring the routines. This will fail
+ * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+ * or sizeof(void*) != sizeof(int).
+ */
+#endif
#endif
/* Amount of stuff to slurp up with each read. */
@@ -892,6 +844,7 @@ static int input (void );
#endif
/* Copy whatever the last rule matched to the standard output. */
+
#ifndef ECHO
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
@@ -904,10 +857,9 @@ static int input (void );
*/
#ifndef YY_INPUT
#define YY_INPUT(buf,result,max_size) \
- if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+ if ( yy_current_buffer->yy_is_interactive ) \
{ \
- int c = '*'; \
- size_t n; \
+ int c = '*', n; \
for ( n = 0; n < max_size && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
@@ -917,22 +869,9 @@ static int input (void );
YY_FATAL_ERROR( "input in flex scanner failed" ); \
result = n; \
} \
- else \
- { \
- errno=0; \
- while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
- { \
- if( errno != EINTR) \
- { \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- break; \
- } \
- errno=0; \
- clearerr(yyin); \
- } \
- }\
-\
-
+ else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
+ && ferror( yyin ) ) \
+ YY_FATAL_ERROR( "input in flex scanner failed" );
#endif
/* No semi-colon after return; correct usage is to write "yyterminate();" -
@@ -953,18 +892,12 @@ static int input (void );
#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
#endif
-/* end tables serialization structures and prototypes */
-
/* Default declaration of generated scanner - a define so the user can
* easily add parameters.
*/
#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
+#define YY_DECL int yylex YY_PROTO(( void ))
+#endif
/* Code executed at the beginning of each rule, after yytext and yyleng
* have been set up.
@@ -981,28 +914,26 @@ extern int yylex (void);
#define YY_RULE_SETUP \
YY_USER_ACTION
-/** The main scanner function which does all the work.
- */
YY_DECL
-{
+ {
register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
+ register char *yy_cp = NULL, *yy_bp = NULL;
register int yy_act;
-
+
#line 62 "lex.l"
-#line 995 "lex.yy.c"
+#line 926 "lex.c"
- if ( (yy_init) )
+ if ( yy_init )
{
- (yy_init) = 0;
+ yy_init = 0;
#ifdef YY_USER_INIT
YY_USER_INIT;
#endif
- if ( ! (yy_start) )
- (yy_start) = 1; /* first start state */
+ if ( ! yy_start )
+ yy_start = 1; /* first start state */
if ( ! yyin )
yyin = stdin;
@@ -1010,36 +941,34 @@ YY_DECL
if ( ! yyout )
yyout = stdout;
- if ( ! YY_CURRENT_BUFFER ) {
- yyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- yy_create_buffer(yyin,YY_BUF_SIZE );
- }
+ if ( ! yy_current_buffer )
+ yy_current_buffer =
+ yy_create_buffer( yyin, YY_BUF_SIZE );
- yy_load_buffer_state( );
+ yy_load_buffer_state();
}
while ( 1 ) /* loops until end-of-file is reached */
{
- yy_cp = (yy_c_buf_p);
+ yy_cp = yy_c_buf_p;
/* Support of yytext. */
- *yy_cp = (yy_hold_char);
+ *yy_cp = yy_hold_char;
/* yy_bp points to the position in yy_ch_buf of the start of
* the current run.
*/
yy_bp = yy_cp;
- yy_current_state = (yy_start);
+ yy_current_state = yy_start;
yy_match:
do
{
register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
if ( yy_accept[yy_current_state] )
{
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
}
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
@@ -1056,22 +985,24 @@ yy_find_action:
yy_act = yy_accept[yy_current_state];
if ( yy_act == 0 )
{ /* have to back up */
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
yy_act = yy_accept[yy_current_state];
}
YY_DO_BEFORE_ACTION;
+
do_action: /* This label is used only to access EOF actions. */
+
switch ( yy_act )
{ /* beginning of action switch */
case 0: /* must back up */
/* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = (yy_hold_char);
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
+ *yy_cp = yy_hold_char;
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
goto yy_find_action;
case 1:
@@ -1635,7 +1566,6 @@ YY_RULE_SETUP
;
YY_BREAK
case 91:
-/* rule 91 can match eol */
YY_RULE_SETUP
#line 264 "lex.l"
{ ++lineno; }
@@ -1660,33 +1590,33 @@ YY_RULE_SETUP
#line 268 "lex.l"
ECHO;
YY_BREAK
-#line 1664 "lex.yy.c"
+#line 1594 "lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
case YY_END_OF_BUFFER:
{
/* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+ int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
/* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = (yy_hold_char);
+ *yy_cp = yy_hold_char;
YY_RESTORE_YY_MORE_OFFSET
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+ if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
{
/* We're scanning a new file or input source. It's
* possible that this happened because the user
* just pointed yyin at a new source and called
* yylex(). If so, then we have to assure
- * consistency between YY_CURRENT_BUFFER and our
+ * consistency between yy_current_buffer and our
* globals. Here is the right place to do so, because
* this is the first action (other than possibly a
* back-up) that will match for the new input source.
*/
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yy_current_buffer->yy_input_file = yyin;
+ yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
}
/* Note that here we test for yy_c_buf_p "<=" to the position
@@ -1696,13 +1626,13 @@ case YY_STATE_EOF(INITIAL):
* end-of-buffer state). Contrast this with the test
* in input().
*/
- if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+ if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
{ /* This was really a NUL. */
yy_state_type yy_next_state;
- (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+ yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
- yy_current_state = yy_get_previous_state( );
+ yy_current_state = yy_get_previous_state();
/* Okay, we're now positioned to make the NUL
* transition. We couldn't have
@@ -1715,30 +1645,30 @@ case YY_STATE_EOF(INITIAL):
yy_next_state = yy_try_NUL_trans( yy_current_state );
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
if ( yy_next_state )
{
/* Consume the NUL. */
- yy_cp = ++(yy_c_buf_p);
+ yy_cp = ++yy_c_buf_p;
yy_current_state = yy_next_state;
goto yy_match;
}
else
{
- yy_cp = (yy_c_buf_p);
+ yy_cp = yy_c_buf_p;
goto yy_find_action;
}
}
- else switch ( yy_get_next_buffer( ) )
+ else switch ( yy_get_next_buffer() )
{
case EOB_ACT_END_OF_FILE:
{
- (yy_did_buffer_switch_on_eof) = 0;
+ yy_did_buffer_switch_on_eof = 0;
- if ( yywrap( ) )
+ if ( yywrap() )
{
/* Note: because we've taken care in
* yy_get_next_buffer() to have set up
@@ -1749,7 +1679,7 @@ case YY_STATE_EOF(INITIAL):
* YY_NULL, it'll still work - another
* YY_NULL will get returned.
*/
- (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
yy_act = YY_STATE_EOF(YY_START);
goto do_action;
@@ -1757,30 +1687,30 @@ case YY_STATE_EOF(INITIAL):
else
{
- if ( ! (yy_did_buffer_switch_on_eof) )
+ if ( ! yy_did_buffer_switch_on_eof )
YY_NEW_FILE;
}
break;
}
case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) =
- (yytext_ptr) + yy_amount_of_matched_text;
+ yy_c_buf_p =
+ yytext_ptr + yy_amount_of_matched_text;
- yy_current_state = yy_get_previous_state( );
+ yy_current_state = yy_get_previous_state();
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
goto yy_match;
case EOB_ACT_LAST_MATCH:
- (yy_c_buf_p) =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+ yy_c_buf_p =
+ &yy_current_buffer->yy_ch_buf[yy_n_chars];
- yy_current_state = yy_get_previous_state( );
+ yy_current_state = yy_get_previous_state();
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
goto yy_find_action;
}
break;
@@ -1791,7 +1721,8 @@ case YY_STATE_EOF(INITIAL):
"fatal flex scanner internal error--no action found" );
} /* end of action switch */
} /* end of scanning one token */
-} /* end of yylex */
+ } /* end of yylex */
+
/* yy_get_next_buffer - try to read in a new buffer
*
@@ -1800,20 +1731,21 @@ case YY_STATE_EOF(INITIAL):
* EOB_ACT_CONTINUE_SCAN - continue scanning from current position
* EOB_ACT_END_OF_FILE - end of file
*/
-static int yy_get_next_buffer (void)
-{
- register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
- register char *source = (yytext_ptr);
+
+static int yy_get_next_buffer()
+ {
+ register char *dest = yy_current_buffer->yy_ch_buf;
+ register char *source = yytext_ptr;
register int number_to_move, i;
int ret_val;
- if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+ if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
YY_FATAL_ERROR(
"fatal flex scanner internal error--end of buffer missed" );
- if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+ if ( yy_current_buffer->yy_fill_buffer == 0 )
{ /* Don't try to fill the buffer, so this is an EOF. */
- if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+ if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
{
/* We matched a single character, the EOB, so
* treat this as a final EOF.
@@ -1833,30 +1765,34 @@ static int yy_get_next_buffer (void)
/* Try to read more data. */
/* First move last chars to start of buffer. */
- number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+ number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
for ( i = 0; i < number_to_move; ++i )
*(dest++) = *(source++);
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+ if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
/* don't do the read, it's not guaranteed to return an EOF,
* just force an EOF
*/
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+ yy_current_buffer->yy_n_chars = yy_n_chars = 0;
else
{
- size_t num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ int num_to_read =
+ yy_current_buffer->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
+#ifdef YY_USES_REJECT
+ YY_FATAL_ERROR(
+"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+#else
/* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+ YY_BUFFER_STATE b = yy_current_buffer;
int yy_c_buf_p_offset =
- (int) ((yy_c_buf_p) - b->yy_ch_buf);
+ (int) (yy_c_buf_p - b->yy_ch_buf);
if ( b->yy_is_our_buffer )
{
@@ -1869,7 +1805,8 @@ static int yy_get_next_buffer (void)
b->yy_ch_buf = (char *)
/* Include room in for 2 EOB chars. */
- yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 );
+ yy_flex_realloc( (void *) b->yy_ch_buf,
+ b->yy_buf_size + 2 );
}
else
/* Can't grow it, we don't own it. */
@@ -1879,35 +1816,35 @@ static int yy_get_next_buffer (void)
YY_FATAL_ERROR(
"fatal error - scanner input buffer overflow" );
- (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+ yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
- num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+ num_to_read = yy_current_buffer->yy_buf_size -
number_to_move - 1;
-
+#endif
}
if ( num_to_read > YY_READ_BUF_SIZE )
num_to_read = YY_READ_BUF_SIZE;
/* Read in more data. */
- YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
- (yy_n_chars), num_to_read );
+ YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
+ yy_n_chars, num_to_read );
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+ yy_current_buffer->yy_n_chars = yy_n_chars;
}
- if ( (yy_n_chars) == 0 )
+ if ( yy_n_chars == 0 )
{
if ( number_to_move == YY_MORE_ADJ )
{
ret_val = EOB_ACT_END_OF_FILE;
- yyrestart(yyin );
+ yyrestart( yyin );
}
else
{
ret_val = EOB_ACT_LAST_MATCH;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+ yy_current_buffer->yy_buffer_status =
YY_BUFFER_EOF_PENDING;
}
}
@@ -1915,31 +1852,32 @@ static int yy_get_next_buffer (void)
else
ret_val = EOB_ACT_CONTINUE_SCAN;
- (yy_n_chars) += number_to_move;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+ yy_n_chars += number_to_move;
+ yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+ yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
- (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+ yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
return ret_val;
-}
+ }
+
/* yy_get_previous_state - get the state just before the EOB char was reached */
- static yy_state_type yy_get_previous_state (void)
-{
+static yy_state_type yy_get_previous_state()
+ {
register yy_state_type yy_current_state;
register char *yy_cp;
-
- yy_current_state = (yy_start);
- for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+ yy_current_state = yy_start;
+
+ for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
{
register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
if ( yy_accept[yy_current_state] )
{
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
}
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
@@ -1951,23 +1889,30 @@ static int yy_get_next_buffer (void)
}
return yy_current_state;
-}
+ }
+
/* yy_try_NUL_trans - try to make a transition on the NUL character
*
* synopsis
* next_state = yy_try_NUL_trans( current_state );
*/
- static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state )
-{
+
+#ifdef YY_USE_PROTOS
+static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+#else
+static yy_state_type yy_try_NUL_trans( yy_current_state )
+yy_state_type yy_current_state;
+#endif
+ {
register int yy_is_jam;
- register char *yy_cp = (yy_c_buf_p);
+ register char *yy_cp = yy_c_buf_p;
register YY_CHAR yy_c = 1;
if ( yy_accept[yy_current_state] )
{
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
}
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
@@ -1979,73 +1924,81 @@ static int yy_get_next_buffer (void)
yy_is_jam = (yy_current_state == 567);
return yy_is_jam ? 0 : yy_current_state;
-}
+ }
- static void yyunput (int c, register char * yy_bp )
-{
- register char *yy_cp;
-
- yy_cp = (yy_c_buf_p);
+
+#ifndef YY_NO_UNPUT
+#ifdef YY_USE_PROTOS
+static void yyunput( int c, register char *yy_bp )
+#else
+static void yyunput( c, yy_bp )
+int c;
+register char *yy_bp;
+#endif
+ {
+ register char *yy_cp = yy_c_buf_p;
/* undo effects of setting up yytext */
- *yy_cp = (yy_hold_char);
+ *yy_cp = yy_hold_char;
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
{ /* need to shift things up to make room */
/* +2 for EOB chars. */
- register int number_to_move = (yy_n_chars) + 2;
- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+ register int number_to_move = yy_n_chars + 2;
+ register char *dest = &yy_current_buffer->yy_ch_buf[
+ yy_current_buffer->yy_buf_size + 2];
register char *source =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+ &yy_current_buffer->yy_ch_buf[number_to_move];
- while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+ while ( source > yy_current_buffer->yy_ch_buf )
*--dest = *--source;
yy_cp += (int) (dest - source);
yy_bp += (int) (dest - source);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+ yy_current_buffer->yy_n_chars =
+ yy_n_chars = yy_current_buffer->yy_buf_size;
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
YY_FATAL_ERROR( "flex scanner push-back overflow" );
}
*--yy_cp = (char) c;
- (yytext_ptr) = yy_bp;
- (yy_hold_char) = *yy_cp;
- (yy_c_buf_p) = yy_cp;
-}
+
+ yytext_ptr = yy_bp;
+ yy_hold_char = *yy_cp;
+ yy_c_buf_p = yy_cp;
+ }
+#endif /* ifndef YY_NO_UNPUT */
+
#ifndef YY_NO_INPUT
#ifdef __cplusplus
- static int yyinput (void)
+static int yyinput()
#else
- static int input (void)
+static int input()
#endif
-
-{
+ {
int c;
-
- *(yy_c_buf_p) = (yy_hold_char);
- if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+ *yy_c_buf_p = yy_hold_char;
+
+ if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
{
/* yy_c_buf_p now points to the character we want to return.
* If this occurs *before* the EOB characters, then it's a
* valid NUL; if not, then we've hit the end of the buffer.
*/
- if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+ if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
/* This was really a NUL. */
- *(yy_c_buf_p) = '\0';
+ *yy_c_buf_p = '\0';
else
{ /* need more input */
- int offset = (yy_c_buf_p) - (yytext_ptr);
- ++(yy_c_buf_p);
+ int offset = yy_c_buf_p - yytext_ptr;
+ ++yy_c_buf_p;
- switch ( yy_get_next_buffer( ) )
+ switch ( yy_get_next_buffer() )
{
case EOB_ACT_LAST_MATCH:
/* This happens because yy_g_n_b()
@@ -2059,16 +2012,16 @@ static int yy_get_next_buffer (void)
*/
/* Reset buffer status. */
- yyrestart(yyin );
+ yyrestart( yyin );
- /*FALLTHROUGH*/
+ /* fall through */
case EOB_ACT_END_OF_FILE:
{
- if ( yywrap( ) )
+ if ( yywrap() )
return EOF;
- if ( ! (yy_did_buffer_switch_on_eof) )
+ if ( ! yy_did_buffer_switch_on_eof )
YY_NEW_FILE;
#ifdef __cplusplus
return yyinput();
@@ -2078,92 +2031,90 @@ static int yy_get_next_buffer (void)
}
case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) = (yytext_ptr) + offset;
+ yy_c_buf_p = yytext_ptr + offset;
break;
}
}
}
- c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */
- *(yy_c_buf_p) = '\0'; /* preserve yytext */
- (yy_hold_char) = *++(yy_c_buf_p);
+ c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
+ *yy_c_buf_p = '\0'; /* preserve yytext */
+ yy_hold_char = *++yy_c_buf_p;
+
return c;
-}
-#endif /* ifndef YY_NO_INPUT */
+ }
+#endif /* YY_NO_INPUT */
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- *
- * @note This function does not reset the start condition to @c INITIAL .
- */
- void yyrestart (FILE * input_file )
-{
-
- if ( ! YY_CURRENT_BUFFER ){
- yyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- yy_create_buffer(yyin,YY_BUF_SIZE );
+#ifdef YY_USE_PROTOS
+void yyrestart( FILE *input_file )
+#else
+void yyrestart( input_file )
+FILE *input_file;
+#endif
+ {
+ if ( ! yy_current_buffer )
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
+
+ yy_init_buffer( yy_current_buffer, input_file );
+ yy_load_buffer_state();
}
- yy_init_buffer(YY_CURRENT_BUFFER,input_file );
- yy_load_buffer_state( );
-}
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- *
- */
- void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer )
-{
-
- /* TODO. We should be able to replace this entire function body
- * with
- * yypop_buffer_state();
- * yypush_buffer_state(new_buffer);
- */
- yyensure_buffer_stack ();
- if ( YY_CURRENT_BUFFER == new_buffer )
+#ifdef YY_USE_PROTOS
+void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+#else
+void yy_switch_to_buffer( new_buffer )
+YY_BUFFER_STATE new_buffer;
+#endif
+ {
+ if ( yy_current_buffer == new_buffer )
return;
- if ( YY_CURRENT_BUFFER )
+ if ( yy_current_buffer )
{
/* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+ *yy_c_buf_p = yy_hold_char;
+ yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+ yy_current_buffer->yy_n_chars = yy_n_chars;
}
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
- yy_load_buffer_state( );
+ yy_current_buffer = new_buffer;
+ yy_load_buffer_state();
/* We don't actually know whether we did this switch during
* EOF (yywrap()) processing, but the only time this flag
* is looked at is after yywrap() is called, so it's safe
* to go ahead and always set it.
*/
- (yy_did_buffer_switch_on_eof) = 1;
-}
+ yy_did_buffer_switch_on_eof = 1;
+ }
-static void yy_load_buffer_state (void)
-{
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
- yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
- (yy_hold_char) = *(yy_c_buf_p);
-}
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- *
- * @return the allocated buffer state.
- */
- YY_BUFFER_STATE yy_create_buffer (FILE * file, int size )
-{
+#ifdef YY_USE_PROTOS
+void yy_load_buffer_state( void )
+#else
+void yy_load_buffer_state()
+#endif
+ {
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+ yyin = yy_current_buffer->yy_input_file;
+ yy_hold_char = *yy_c_buf_p;
+ }
+
+
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+#else
+YY_BUFFER_STATE yy_create_buffer( file, size )
+FILE *file;
+int size;
+#endif
+ {
YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
+
+ b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
@@ -2172,75 +2123,75 @@ static void yy_load_buffer_state (void)
/* yy_ch_buf has to be 2 characters longer than the size given because
* we need to put in 2 end-of-buffer characters.
*/
- b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 );
+ b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
if ( ! b->yy_ch_buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
b->yy_is_our_buffer = 1;
- yy_init_buffer(b,file );
+ yy_init_buffer( b, file );
return b;
-}
+ }
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- *
- */
- void yy_delete_buffer (YY_BUFFER_STATE b )
-{
-
+
+#ifdef YY_USE_PROTOS
+void yy_delete_buffer( YY_BUFFER_STATE b )
+#else
+void yy_delete_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+ {
if ( ! b )
return;
- if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
- YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+ if ( b == yy_current_buffer )
+ yy_current_buffer = (YY_BUFFER_STATE) 0;
if ( b->yy_is_our_buffer )
- yyfree((void *) b->yy_ch_buf );
+ yy_flex_free( (void *) b->yy_ch_buf );
- yyfree((void *) b );
-}
+ yy_flex_free( (void *) b );
+ }
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
- static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
-{
- int oerrno = errno;
-
- yy_flush_buffer(b );
+
+#ifdef YY_USE_PROTOS
+void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+#else
+void yy_init_buffer( b, file )
+YY_BUFFER_STATE b;
+FILE *file;
+#endif
+
+
+ {
+ yy_flush_buffer( b );
b->yy_input_file = file;
b->yy_fill_buffer = 1;
- /* If b is the current buffer, then yy_init_buffer was _probably_
- * called from yyrestart() or through yy_get_next_buffer.
- * In that case, we don't want to reset the lineno or column.
- */
- if (b != YY_CURRENT_BUFFER){
- b->yy_bs_lineno = 1;
- b->yy_bs_column = 0;
- }
-
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-
- errno = oerrno;
-}
+#if YY_ALWAYS_INTERACTIVE
+ b->yy_is_interactive = 1;
+#else
+#if YY_NEVER_INTERACTIVE
+ b->yy_is_interactive = 0;
+#else
+ b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+#endif
+#endif
+ }
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- *
- */
- void yy_flush_buffer (YY_BUFFER_STATE b )
-{
- if ( ! b )
+
+#ifdef YY_USE_PROTOS
+void yy_flush_buffer( YY_BUFFER_STATE b )
+#else
+void yy_flush_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+
+ {
+ if ( ! b )
return;
b->yy_n_chars = 0;
@@ -2257,121 +2208,29 @@ extern int isatty (int );
b->yy_at_bol = 1;
b->yy_buffer_status = YY_BUFFER_NEW;
- if ( b == YY_CURRENT_BUFFER )
- yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- * the current state. This function will allocate the stack
- * if necessary.
- * @param new_buffer The new state.
- *
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
- if (new_buffer == NULL)
- return;
-
- yyensure_buffer_stack();
-
- /* This block is copied from yy_switch_to_buffer. */
- if ( YY_CURRENT_BUFFER )
- {
- /* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- /* Only push if top exists. Otherwise, replace top. */
- if (YY_CURRENT_BUFFER)
- (yy_buffer_stack_top)++;
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
- /* copied from yy_switch_to_buffer. */
- yy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- * The next element becomes the new top.
- *
- */
-void yypop_buffer_state (void)
-{
- if (!YY_CURRENT_BUFFER)
- return;
-
- yy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- if ((yy_buffer_stack_top) > 0)
- --(yy_buffer_stack_top);
-
- if (YY_CURRENT_BUFFER) {
- yy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
+ if ( b == yy_current_buffer )
+ yy_load_buffer_state();
}
-}
-
-/* Allocates the stack if it does not exist.
- * Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
- int num_to_alloc;
-
- if (!(yy_buffer_stack)) {
-
- /* First allocation is just for 2 elements, since we don't know if this
- * scanner will even need a stack. We use 2 instead of 1 to avoid an
- * immediate realloc on the next call.
- */
- num_to_alloc = 1;
- (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
- (num_to_alloc * sizeof(struct yy_buffer_state*)
- );
-
- memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-
- (yy_buffer_stack_max) = num_to_alloc;
- (yy_buffer_stack_top) = 0;
- return;
- }
-
- if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
- /* Increase the buffer to prepare for a possible push. */
- int grow_size = 8 /* arbitrary grow size */;
- num_to_alloc = (yy_buffer_stack_max) + grow_size;
- (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
- ((yy_buffer_stack),
- num_to_alloc * sizeof(struct yy_buffer_state*)
- );
-
- /* zero only the new slots.*/
- memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
- (yy_buffer_stack_max) = num_to_alloc;
- }
-}
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
-{
+#ifndef YY_NO_SCAN_BUFFER
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+#else
+YY_BUFFER_STATE yy_scan_buffer( base, size )
+char *base;
+yy_size_t size;
+#endif
+ {
YY_BUFFER_STATE b;
-
+
if ( size < 2 ||
base[size-2] != YY_END_OF_BUFFER_CHAR ||
base[size-1] != YY_END_OF_BUFFER_CHAR )
/* They forgot to leave room for the EOB's. */
return 0;
- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
+ b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
@@ -2385,42 +2244,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
b->yy_fill_buffer = 0;
b->yy_buffer_status = YY_BUFFER_NEW;
- yy_switch_to_buffer(b );
+ yy_switch_to_buffer( b );
return b;
-}
+ }
+#endif
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param yy_str a NUL-terminated string to scan
- *
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- * yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str )
-{
-
- return yy_scan_bytes(yy_str,strlen(yy_str) );
-}
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len )
-{
+#ifndef YY_NO_SCAN_STRING
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+#else
+YY_BUFFER_STATE yy_scan_string( yy_str )
+yyconst char *yy_str;
+#endif
+ {
+ int len;
+ for ( len = 0; yy_str[len]; ++len )
+ ;
+
+ return yy_scan_bytes( yy_str, len );
+ }
+#endif
+
+
+#ifndef YY_NO_SCAN_BYTES
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+#else
+YY_BUFFER_STATE yy_scan_bytes( bytes, len )
+yyconst char *bytes;
+int len;
+#endif
+ {
YY_BUFFER_STATE b;
char *buf;
yy_size_t n;
int i;
-
+
/* Get memory for full buffer, including space for trailing EOB's. */
n = len + 2;
- buf = (char *) yyalloc(n );
+ buf = (char *) yy_flex_alloc( n );
if ( ! buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
@@ -2429,7 +2293,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len )
buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
- b = yy_scan_buffer(buf,n );
+ b = yy_scan_buffer( buf, n );
if ( ! b )
YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
@@ -2439,164 +2303,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len )
b->yy_is_our_buffer = 1;
return b;
-}
+ }
+#endif
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
+
+#ifndef YY_NO_PUSH_STATE
+#ifdef YY_USE_PROTOS
+static void yy_push_state( int new_state )
+#else
+static void yy_push_state( new_state )
+int new_state;
#endif
+ {
+ if ( yy_start_stack_ptr >= yy_start_stack_depth )
+ {
+ yy_size_t new_size;
-static void yy_fatal_error (yyconst char* msg )
-{
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
-}
+ yy_start_stack_depth += YY_START_STACK_INCR;
+ new_size = yy_start_stack_depth * sizeof( int );
-/* Redefine yyless() so it works in section 3 code. */
+ if ( ! yy_start_stack )
+ yy_start_stack = (int *) yy_flex_alloc( new_size );
-#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- yytext[yyleng] = (yy_hold_char); \
- (yy_c_buf_p) = yytext + yyless_macro_arg; \
- (yy_hold_char) = *(yy_c_buf_p); \
- *(yy_c_buf_p) = '\0'; \
- yyleng = yyless_macro_arg; \
- } \
- while ( 0 )
+ else
+ yy_start_stack = (int *) yy_flex_realloc(
+ (void *) yy_start_stack, new_size );
-/* Accessor methods (get/set functions) to struct members. */
+ if ( ! yy_start_stack )
+ YY_FATAL_ERROR(
+ "out of memory expanding start-condition stack" );
+ }
-/** Get the current line number.
- *
- */
-int yyget_lineno (void)
-{
-
- return yylineno;
-}
+ yy_start_stack[yy_start_stack_ptr++] = YY_START;
-/** Get the input stream.
- *
- */
-FILE *yyget_in (void)
-{
- return yyin;
-}
+ BEGIN(new_state);
+ }
+#endif
-/** Get the output stream.
- *
- */
-FILE *yyget_out (void)
-{
- return yyout;
-}
-/** Get the length of the current token.
- *
- */
-int yyget_leng (void)
-{
- return yyleng;
-}
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state()
+ {
+ if ( --yy_start_stack_ptr < 0 )
+ YY_FATAL_ERROR( "start-condition stack underflow" );
-/** Get the current token.
- *
- */
+ BEGIN(yy_start_stack[yy_start_stack_ptr]);
+ }
+#endif
-char *yyget_text (void)
-{
- return yytext;
-}
-/** Set the current line number.
- * @param line_number
- *
- */
-void yyset_lineno (int line_number )
-{
-
- yylineno = line_number;
-}
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state()
+ {
+ return yy_start_stack[yy_start_stack_ptr - 1];
+ }
+#endif
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- *
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE * in_str )
-{
- yyin = in_str ;
-}
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
-void yyset_out (FILE * out_str )
-{
- yyout = out_str ;
-}
+#ifdef YY_USE_PROTOS
+static void yy_fatal_error( yyconst char msg[] )
+#else
+static void yy_fatal_error( msg )
+char msg[];
+#endif
+ {
+ (void) fprintf( stderr, "%s\n", msg );
+ exit( YY_EXIT_FAILURE );
+ }
-int yyget_debug (void)
-{
- return yy_flex_debug;
-}
-void yyset_debug (int bdebug )
-{
- yy_flex_debug = bdebug ;
-}
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy (void)
-{
-
- /* Pop the buffer stack, destroying each element. */
- while(YY_CURRENT_BUFFER){
- yy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- yypop_buffer_state();
- }
+/* Redefine yyless() so it works in section 3 code. */
- /* Destroy the stack itself. */
- yyfree((yy_buffer_stack) );
- (yy_buffer_stack) = NULL;
+#undef yyless
+#define yyless(n) \
+ do \
+ { \
+ /* Undo effects of setting up yytext. */ \
+ yytext[yyleng] = yy_hold_char; \
+ yy_c_buf_p = yytext + n; \
+ yy_hold_char = *yy_c_buf_p; \
+ *yy_c_buf_p = '\0'; \
+ yyleng = n; \
+ } \
+ while ( 0 )
- return 0;
-}
-/*
- * Internal utility routines.
- */
+/* Internal utility routines. */
#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
+#ifdef YY_USE_PROTOS
+static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+#else
+static void yy_flex_strncpy( s1, s2, n )
+char *s1;
+yyconst char *s2;
+int n;
+#endif
+ {
register int i;
- for ( i = 0; i < n; ++i )
+ for ( i = 0; i < n; ++i )
s1[i] = s2[i];
-}
+ }
#endif
#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
+#ifdef YY_USE_PROTOS
+static int yy_flex_strlen( yyconst char *s )
+#else
+static int yy_flex_strlen( s )
+yyconst char *s;
+#endif
+ {
register int n;
- for ( n = 0; s[n]; ++n )
+ for ( n = 0; s[n]; ++n )
;
return n;
-}
+ }
#endif
-void *yyalloc (yy_size_t size )
-{
+
+#ifdef YY_USE_PROTOS
+static void *yy_flex_alloc( yy_size_t size )
+#else
+static void *yy_flex_alloc( size )
+yy_size_t size;
+#endif
+ {
return (void *) malloc( size );
-}
+ }
-void *yyrealloc (void * ptr, yy_size_t size )
-{
+#ifdef YY_USE_PROTOS
+static void *yy_flex_realloc( void *ptr, yy_size_t size )
+#else
+static void *yy_flex_realloc( ptr, size )
+void *ptr;
+yy_size_t size;
+#endif
+ {
/* The cast to (char *) in the following accommodates both
* implementations that use char* generic pointers, and those
* that use void* generic pointers. It works with the latter
@@ -2605,31 +2453,28 @@ void *yyrealloc (void * ptr, yy_size_t size )
* as though doing an assignment.
*/
return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
- free( (char *) ptr ); /* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
+ }
-#undef YY_NEW_FILE
-#undef YY_FLUSH_BUFFER
-#undef yy_set_bol
-#undef yy_new_buffer
-#undef yy_set_interactive
-#undef yytext_ptr
-#undef YY_DO_BEFORE_ACTION
+#ifdef YY_USE_PROTOS
+static void yy_flex_free( void *ptr )
+#else
+static void yy_flex_free( ptr )
+void *ptr;
+#endif
+ {
+ free( ptr );
+ }
-#ifdef YY_DECL_IS_OURS
-#undef YY_DECL_IS_OURS
-#undef YY_DECL
+#if YY_MAIN
+int main()
+ {
+ yylex();
+ return 0;
+ }
#endif
#line 268 "lex.l"
-
#ifndef yywrap /* XXX */
int
yywrap ()
@@ -2655,4 +2500,3 @@ unterminated(const char *type, unsigned start_lineno)
{
error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
}
-
diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c
index 420a1bc5c5..0bf3cdafdb 100644
--- a/source4/heimdal/lib/asn1/parse.c
+++ b/source4/heimdal/lib/asn1/parse.c
@@ -1,7 +1,7 @@
-/* A Bison parser, made by GNU Bison 2.1. */
+/* A Bison parser, made by GNU Bison 2.0. */
/* Skeleton parser for Yacc-like parsing with Bison,
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -15,8 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
+ Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA. */
/* As a special exception, when this file is copied by Bison into a
Bison output file, you may use that output file without restriction.
@@ -36,9 +36,6 @@
/* Identify Bison output. */
#define YYBISON 1
-/* Bison version. */
-#define YYBISON_VERSION "2.1"
-
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@@ -145,7 +142,6 @@
NUMBER = 344
};
#endif
-/* Tokens. */
#define kw_ABSENT 258
#define kw_ABSTRACT_SYNTAX 259
#define kw_ALL 260
@@ -270,7 +266,7 @@ struct string_list {
/* Enabling traces. */
#ifndef YYDEBUG
-# define YYDEBUG 0
+# define YYDEBUG 1
#endif
/* Enabling verbose error messages. */
@@ -281,11 +277,6 @@ struct string_list {
# define YYERROR_VERBOSE 0
#endif
-/* Enabling the token table. */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
#line 65 "parse.y"
typedef union YYSTYPE {
@@ -302,8 +293,8 @@ typedef union YYSTYPE {
struct memhead *members;
struct constraint_spec *constraint_spec;
} YYSTYPE;
-/* Line 196 of yacc.c. */
-#line 307 "$base.c"
+/* Line 190 of yacc.c. */
+#line 298 "parse.c"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
@@ -314,36 +305,17 @@ typedef union YYSTYPE {
/* Copy the second part of user declarations. */
-/* Line 219 of yacc.c. */
-#line 319 "$base.c"
+/* Line 213 of yacc.c. */
+#line 310 "parse.c"
-#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
-# define YYSIZE_T __SIZE_TYPE__
-#endif
-#if ! defined (YYSIZE_T) && defined (size_t)
-# define YYSIZE_T size_t
-#endif
-#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus))
-# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-# define YYSIZE_T size_t
-#endif
-#if ! defined (YYSIZE_T)
-# define YYSIZE_T unsigned int
-#endif
+#if ! defined (yyoverflow) || YYERROR_VERBOSE
-#ifndef YY_
-# if YYENABLE_NLS
-# if ENABLE_NLS
-# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-# define YY_(msgid) dgettext ("bison-runtime", msgid)
-# endif
+# ifndef YYFREE
+# define YYFREE free
# endif
-# ifndef YY_
-# define YY_(msgid) msgid
+# ifndef YYMALLOC
+# define YYMALLOC malloc
# endif
-#endif
-
-#if ! defined (yyoverflow) || YYERROR_VERBOSE
/* The parser invokes alloca or malloc; define the necessary symbols. */
@@ -353,10 +325,6 @@ typedef union YYSTYPE {
# define YYSTACK_ALLOC __builtin_alloca
# else
# define YYSTACK_ALLOC alloca
-# if defined (__STDC__) || defined (__cplusplus)
-# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-# define YYINCLUDED_STDLIB_H
-# endif
# endif
# endif
# endif
@@ -364,39 +332,13 @@ typedef union YYSTYPE {
# ifdef YYSTACK_ALLOC
/* Pacify GCC's `empty if-body' warning. */
# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
-# ifndef YYSTACK_ALLOC_MAXIMUM
- /* The OS might guarantee only one guard page at the bottom of the stack,
- and a page size can be as small as 4096 bytes. So we cannot safely
- invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
- to allow for a few compiler-allocated temporary stack slots. */
-# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */
-# endif
# else
+# if defined (__STDC__) || defined (__cplusplus)
+# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+# define YYSIZE_T size_t
+# endif
# define YYSTACK_ALLOC YYMALLOC
# define YYSTACK_FREE YYFREE
-# ifndef YYSTACK_ALLOC_MAXIMUM
-# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1)
-# endif
-# ifdef __cplusplus
-extern "C" {
-# endif
-# ifndef YYMALLOC
-# define YYMALLOC malloc
-# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \
- && (defined (__STDC__) || defined (__cplusplus)))
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-# endif
-# endif
-# ifndef YYFREE
-# define YYFREE free
-# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \
- && (defined (__STDC__) || defined (__cplusplus)))
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-# endif
-# endif
-# ifdef __cplusplus
-}
-# endif
# endif
#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
@@ -431,7 +373,7 @@ union yyalloc
# define YYCOPY(To, From, Count) \
do \
{ \
- YYSIZE_T yyi; \
+ register YYSIZE_T yyi; \
for (yyi = 0; yyi < (Count); yyi++) \
(To)[yyi] = (From)[yyi]; \
} \
@@ -481,7 +423,7 @@ union yyalloc
#define YYUNDEFTOK 2
#define YYMAXUTOK 344
-#define YYTRANSLATE(YYX) \
+#define YYTRANSLATE(YYX) \
((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
@@ -606,8 +548,8 @@ static const unsigned short int yyrline[] =
};
#endif
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+#if YYDEBUG || YYERROR_VERBOSE
+/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
static const char *const yytname[] =
{
@@ -862,6 +804,22 @@ static const unsigned char yystos[] =
154
};
+#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
+# define YYSIZE_T __SIZE_TYPE__
+#endif
+#if ! defined (YYSIZE_T) && defined (size_t)
+# define YYSIZE_T size_t
+#endif
+#if ! defined (YYSIZE_T)
+# if defined (__STDC__) || defined (__cplusplus)
+# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+# define YYSIZE_T size_t
+# endif
+#endif
+#if ! defined (YYSIZE_T)
+# define YYSIZE_T unsigned int
+#endif
+
#define yyerrok (yyerrstatus = 0)
#define yyclearin (yychar = YYEMPTY)
#define YYEMPTY (-2)
@@ -891,8 +849,8 @@ do \
goto yybackup; \
} \
else \
- { \
- yyerror (YY_("syntax error: cannot back up")); \
+ { \
+ yyerror ("syntax error: cannot back up");\
YYERROR; \
} \
while (0)
@@ -971,7 +929,7 @@ do { \
if (yydebug) \
{ \
YYFPRINTF (stderr, "%s ", Title); \
- yysymprint (stderr, \
+ yysymprint (stderr, \
Type, Value); \
YYFPRINTF (stderr, "\n"); \
} \
@@ -1019,13 +977,13 @@ yy_reduce_print (yyrule)
#endif
{
int yyi;
- unsigned long int yylno = yyrline[yyrule];
- YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ",
+ unsigned int yylno = yyrline[yyrule];
+ YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
yyrule - 1, yylno);
/* Print the symbols being reduced, and their result. */
for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
- YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]);
- YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]);
+ YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
+ YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
}
# define YY_REDUCE_PRINT(Rule) \
@@ -1054,7 +1012,7 @@ int yydebug;
if the built-in stack extension method is used).
Do not make this value too large; the results are undefined if
- YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+ SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
evaluated with infinite-precision integer arithmetic. */
#ifndef YYMAXDEPTH
@@ -1078,7 +1036,7 @@ yystrlen (yystr)
const char *yystr;
# endif
{
- const char *yys = yystr;
+ register const char *yys = yystr;
while (*yys++ != '\0')
continue;
@@ -1103,8 +1061,8 @@ yystpcpy (yydest, yysrc)
const char *yysrc;
# endif
{
- char *yyd = yydest;
- const char *yys = yysrc;
+ register char *yyd = yydest;
+ register const char *yys = yysrc;
while ((*yyd++ = *yys++) != '\0')
continue;
@@ -1114,55 +1072,7 @@ yystpcpy (yydest, yysrc)
# endif
# endif
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
- quotes and backslashes, so that it's suitable for yyerror. The
- heuristic is that double-quoting is unnecessary unless the string
- contains an apostrophe, a comma, or backslash (other than
- backslash-backslash). YYSTR is taken from yytname. If YYRES is
- null, do not copy; instead, return the length of what the result
- would have been. */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
- if (*yystr == '"')
- {
- size_t yyn = 0;
- char const *yyp = yystr;
-
- for (;;)
- switch (*++yyp)
- {
- case '\'':
- case ',':
- goto do_not_strip_quotes;
-
- case '\\':
- if (*++yyp != '\\')
- goto do_not_strip_quotes;
- /* Fall through. */
- default:
- if (yyres)
- yyres[yyn] = *yyp;
- yyn++;
- break;
-
- case '"':
- if (yyres)
- yyres[yyn] = '\0';
- return yyn;
- }
- do_not_strip_quotes: ;
- }
-
- if (! yyres)
- return yystrlen (yystr);
-
- return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-#endif /* YYERROR_VERBOSE */
+#endif /* !YYERROR_VERBOSE */
@@ -1282,13 +1192,13 @@ yyparse (void)
#else
int
yyparse ()
- ;
+
#endif
#endif
{
- int yystate;
- int yyn;
+ register int yystate;
+ register int yyn;
int yyresult;
/* Number of tokens to shift before error messages enabled. */
int yyerrstatus;
@@ -1306,12 +1216,12 @@ yyparse ()
/* The state stack. */
short int yyssa[YYINITDEPTH];
short int *yyss = yyssa;
- short int *yyssp;
+ register short int *yyssp;
/* The semantic value stack. */
YYSTYPE yyvsa[YYINITDEPTH];
YYSTYPE *yyvs = yyvsa;
- YYSTYPE *yyvsp;
+ register YYSTYPE *yyvsp;
@@ -1343,6 +1253,9 @@ yyparse ()
yyssp = yyss;
yyvsp = yyvs;
+
+ yyvsp[0] = yylval;
+
goto yysetstate;
/*------------------------------------------------------------.
@@ -1375,7 +1288,7 @@ yyparse ()
data in use in that stack, in bytes. This used to be a
conditional around just the two extra args, but that might
be undefined if yyoverflow is a macro. */
- yyoverflow (YY_("memory exhausted"),
+ yyoverflow ("parser stack overflow",
&yyss1, yysize * sizeof (*yyssp),
&yyvs1, yysize * sizeof (*yyvsp),
@@ -1386,11 +1299,11 @@ yyparse ()
}
#else /* no yyoverflow */
# ifndef YYSTACK_RELOCATE
- goto yyexhaustedlab;
+ goto yyoverflowlab;
# else
/* Extend the stack our own way. */
if (YYMAXDEPTH <= yystacksize)
- goto yyexhaustedlab;
+ goto yyoverflowlab;
yystacksize *= 2;
if (YYMAXDEPTH < yystacksize)
yystacksize = YYMAXDEPTH;
@@ -1400,7 +1313,7 @@ yyparse ()
union yyalloc *yyptr =
(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
if (! yyptr)
- goto yyexhaustedlab;
+ goto yyoverflowlab;
YYSTACK_RELOCATE (yyss);
YYSTACK_RELOCATE (yyvs);
@@ -2230,11 +2143,10 @@ yyreduce:
break;
- default: break;
}
-/* Line 1126 of yacc.c. */
-#line 2238 "$base.c"
+/* Line 1037 of yacc.c. */
+#line 2150 "parse.c"
yyvsp -= yylen;
yyssp -= yylen;
@@ -2273,36 +2185,12 @@ yyerrlab:
if (YYPACT_NINF < yyn && yyn < YYLAST)
{
+ YYSIZE_T yysize = 0;
int yytype = YYTRANSLATE (yychar);
- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
- YYSIZE_T yysize = yysize0;
- YYSIZE_T yysize1;
- int yysize_overflow = 0;
- char *yymsg = 0;
-# define YYERROR_VERBOSE_ARGS_MAXIMUM 5
- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+ const char* yyprefix;
+ char *yymsg;
int yyx;
-#if 0
- /* This is so xgettext sees the translatable formats that are
- constructed on the fly. */
- YY_("syntax error, unexpected %s");
- YY_("syntax error, unexpected %s, expecting %s");
- YY_("syntax error, unexpected %s, expecting %s or %s");
- YY_("syntax error, unexpected %s, expecting %s or %s or %s");
- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-#endif
- char *yyfmt;
- char const *yyf;
- static char const yyunexpected[] = "syntax error, unexpected %s";
- static char const yyexpecting[] = ", expecting %s";
- static char const yyor[] = " or %s";
- char yyformat[sizeof yyunexpected
- + sizeof yyexpecting - 1
- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
- * (sizeof yyor - 1))];
- char const *yyprefix = yyexpecting;
-
/* Start YYX at -YYN if negative to avoid negative indexes in
YYCHECK. */
int yyxbegin = yyn < 0 ? -yyn : 0;
@@ -2310,68 +2198,48 @@ yyerrlab:
/* Stay within bounds of both yycheck and yytname. */
int yychecklim = YYLAST - yyn;
int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
- int yycount = 1;
-
- yyarg[0] = yytname[yytype];
- yyfmt = yystpcpy (yyformat, yyunexpected);
+ int yycount = 0;
+ yyprefix = ", expecting ";
for (yyx = yyxbegin; yyx < yyxend; ++yyx)
if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
{
- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+ yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]);
+ yycount += 1;
+ if (yycount == 5)
{
- yycount = 1;
- yysize = yysize0;
- yyformat[sizeof yyunexpected - 1] = '\0';
+ yysize = 0;
break;
}
- yyarg[yycount++] = yytname[yyx];
- yysize1 = yysize + yytnamerr (0, yytname[yyx]);
- yysize_overflow |= yysize1 < yysize;
- yysize = yysize1;
- yyfmt = yystpcpy (yyfmt, yyprefix);
- yyprefix = yyor;
}
-
- yyf = YY_(yyformat);
- yysize1 = yysize + yystrlen (yyf);
- yysize_overflow |= yysize1 < yysize;
- yysize = yysize1;
-
- if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM)
- yymsg = (char *) YYSTACK_ALLOC (yysize);
- if (yymsg)
+ yysize += (sizeof ("syntax error, unexpected ")
+ + yystrlen (yytname[yytype]));
+ yymsg = (char *) YYSTACK_ALLOC (yysize);
+ if (yymsg != 0)
{
- /* Avoid sprintf, as that infringes on the user's name space.
- Don't have undefined behavior even if the translation
- produced a string with the wrong number of "%s"s. */
- char *yyp = yymsg;
- int yyi = 0;
- while ((*yyp = *yyf))
+ char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
+ yyp = yystpcpy (yyp, yytname[yytype]);
+
+ if (yycount < 5)
{
- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
- {
- yyp += yytnamerr (yyp, yyarg[yyi++]);
- yyf += 2;
- }
- else
- {
- yyp++;
- yyf++;
- }
+ yyprefix = ", expecting ";
+ for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+ {
+ yyp = yystpcpy (yyp, yyprefix);
+ yyp = yystpcpy (yyp, yytname[yyx]);
+ yyprefix = " or ";
+ }
}
yyerror (yymsg);
YYSTACK_FREE (yymsg);
}
else
- {
- yyerror (YY_("syntax error"));
- goto yyexhaustedlab;
- }
+ yyerror ("syntax error; also virtual memory exhausted");
}
else
#endif /* YYERROR_VERBOSE */
- yyerror (YY_("syntax error"));
+ yyerror ("syntax error");
}
@@ -2383,9 +2251,18 @@ yyerrlab:
if (yychar <= YYEOF)
{
- /* Return failure if at end of input. */
+ /* If at end of input, pop the error token,
+ then the rest of the stack, then return failure. */
if (yychar == YYEOF)
- YYABORT;
+ for (;;)
+ {
+
+ YYPOPSTACK;
+ if (yyssp == yyss)
+ YYABORT;
+ yydestruct ("Error: popping",
+ yystos[*yyssp], yyvsp);
+ }
}
else
{
@@ -2404,11 +2281,12 @@ yyerrlab:
`---------------------------------------------------*/
yyerrorlab:
- /* Pacify compilers like GCC when the user code never invokes
- YYERROR and the label yyerrorlab therefore never appears in user
- code. */
+#ifdef __GNUC__
+ /* Pacify GCC when the user code never invokes YYERROR and the label
+ yyerrorlab therefore never appears in user code. */
if (0)
goto yyerrorlab;
+#endif
yyvsp -= yylen;
yyssp -= yylen;
@@ -2471,29 +2349,23 @@ yyacceptlab:
| yyabortlab -- YYABORT comes here. |
`-----------------------------------*/
yyabortlab:
+ yydestruct ("Error: discarding lookahead",
+ yytoken, &yylval);
+ yychar = YYEMPTY;
yyresult = 1;
goto yyreturn;
#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here. |
-`-------------------------------------------------*/
-yyexhaustedlab:
- yyerror (YY_("memory exhausted"));
+/*----------------------------------------------.
+| yyoverflowlab -- parser overflow comes here. |
+`----------------------------------------------*/
+yyoverflowlab:
+ yyerror ("parser stack overflow");
yyresult = 2;
/* Fall through. */
#endif
yyreturn:
- if (yychar != YYEOF && yychar != YYEMPTY)
- yydestruct ("Cleanup: discarding lookahead",
- yytoken, &yylval);
- while (yyssp != yyss)
- {
- yydestruct ("Cleanup: popping",
- yystos[*yyssp], yyvsp);
- YYPOPSTACK;
- }
#ifndef yyoverflow
if (yyss != yyssa)
YYSTACK_FREE (yyss);
diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h
index df4587501e..5cc1342618 100644
--- a/source4/heimdal/lib/asn1/parse.h
+++ b/source4/heimdal/lib/asn1/parse.h
@@ -1,7 +1,7 @@
-/* A Bison parser, made by GNU Bison 2.1. */
+/* A Bison parser, made by GNU Bison 2.0. */
/* Skeleton parser for Yacc-like parsing with Bison,
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -15,8 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
+ Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA. */
/* As a special exception, when this file is copied by Bison into a
Bison output file, you may use that output file without restriction.
@@ -118,7 +118,6 @@
NUMBER = 344
};
#endif
-/* Tokens. */
#define kw_ABSENT 258
#define kw_ABSTRACT_SYNTAX 259
#define kw_ALL 260
@@ -226,8 +225,8 @@ typedef union YYSTYPE {
struct memhead *members;
struct constraint_spec *constraint_spec;
} YYSTYPE;
-/* Line 1447 of yacc.c. */
-#line 231 "parse.h"
+/* Line 1318 of yacc.c. */
+#line 230 "parse.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1
index 0010c8481e..22fcc0b003 100644
--- a/source4/heimdal/lib/asn1/test.asn1
+++ b/source4/heimdal/lib/asn1/test.asn1
@@ -1,9 +1,11 @@
--- $Id: test.asn1,v 1.5 2005/07/21 20:48:27 lha Exp $ --
+-- $Id: test.asn1,v 1.8 2006/01/31 09:42:04 lha Exp $ --
TEST DEFINITIONS ::=
BEGIN
+IMPORTS heim_any FROM heim;
+
TESTLargeTag ::= SEQUENCE {
foo[127] INTEGER (-2147483648..2147483647)
}
@@ -45,4 +47,40 @@ TESTImplicit2 ::= SEQUENCE {
ti3[2] IMPLICIT TESTInteger3
}
+TESTAllocInner ::= SEQUENCE {
+ ai[0] TESTInteger
+}
+
+TESTAlloc ::= SEQUENCE {
+ tagless TESTAllocInner OPTIONAL,
+ three [1] INTEGER (-2147483648..2147483647),
+ tagless2 heim_any OPTIONAL
+}
+
+
+TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
+TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
+ { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
+)
+
+TESTDer OBJECT IDENTIFIER ::= {
+ joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1)
+}
+
+TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY
+ { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
+)
+
+TESTCONTAININGENCODEDBY2 ::= OCTET STRING (
+ CONTAINING INTEGER ENCODED BY TESTDer
+)
+
+
+TESTValue1 INTEGER ::= 1
+
+TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
+-- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger })
+-- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER })
+-- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 })
+
END
diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c
index f19c1b26f3..925615f244 100644
--- a/source4/heimdal/lib/com_err/lex.c
+++ b/source4/heimdal/lib/com_err/lex.c
@@ -1,85 +1,32 @@
-
-#line 3 "lex.yy.c"
-
-#define YY_INT_ALIGNED short int
-
/* A lexical scanner generated by flex */
+/* Scanner skeleton version:
+ * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $
+ */
+
#define FLEX_SCANNER
#define YY_FLEX_MAJOR_VERSION 2
#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 31
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-/* First, we deal with platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+#include <unistd.h>
-#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t;
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX (65535U)
+/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+#ifdef c_plusplus
+#ifndef __cplusplus
+#define __cplusplus
#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX (4294967295U)
#endif
-#endif /* ! FLEXINT_H */
#ifdef __cplusplus
+#include <stdlib.h>
+
+/* Use prototypes in function declarations. */
+#define YY_USE_PROTOS
+
/* The "const" storage-class-modifier is valid. */
#define YY_USE_CONST
@@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t;
#if __STDC__
+#define YY_USE_PROTOS
#define YY_USE_CONST
#endif /* __STDC__ */
#endif /* ! __cplusplus */
+#ifdef __TURBOC__
+ #pragma warn -rch
+ #pragma warn -use
+#include <io.h>
+#include <stdlib.h>
+#define YY_USE_CONST
+#define YY_USE_PROTOS
+#endif
+
#ifdef YY_USE_CONST
#define yyconst const
#else
#define yyconst
#endif
+
+#ifdef YY_USE_PROTOS
+#define YY_PROTO(proto) proto
+#else
+#define YY_PROTO(proto) ()
+#endif
+
/* Returned upon end-of-file. */
#define YY_NULL 0
@@ -112,71 +76,71 @@ typedef unsigned int flex_uint32_t;
* but we do it the disgusting crufty way forced on us by the ()-less
* definition of BEGIN.
*/
-#define BEGIN (yy_start) = 1 + 2 *
+#define BEGIN yy_start = 1 + 2 *
/* Translate the current start state into a value that can be later handed
* to BEGIN to return to the state. The YYSTATE alias is for lex
* compatibility.
*/
-#define YY_START (((yy_start) - 1) / 2)
+#define YY_START ((yy_start - 1) / 2)
#define YYSTATE YY_START
/* Action number for EOF rule of a given start state. */
#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin )
+#define YY_NEW_FILE yyrestart( yyin )
#define YY_END_OF_BUFFER_CHAR 0
/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
#define YY_BUF_SIZE 16384
-#endif
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
extern int yyleng;
-
extern FILE *yyin, *yyout;
#define EOB_ACT_CONTINUE_SCAN 0
#define EOB_ACT_END_OF_FILE 1
#define EOB_ACT_LAST_MATCH 2
- #define YY_LESS_LINENO(n)
-
-/* Return all but the first "n" matched characters back to the input stream. */
+/* The funky do-while in the following #define is used to turn the definition
+ * int a single C statement (which needs a semi-colon terminator). This
+ * avoids problems with code like:
+ *
+ * if ( condition_holds )
+ * yyless( 5 );
+ * else
+ * do_something_else();
+ *
+ * Prior to using the do-while the compiler would get upset at the
+ * "else" because it interpreted the "if" statement as being all
+ * done when it reached the ';' after the yyless() call.
+ */
+
+/* Return all but the first 'n' matched characters back to the input stream. */
+
#define yyless(n) \
do \
{ \
/* Undo effects of setting up yytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- *yy_cp = (yy_hold_char); \
+ *yy_cp = yy_hold_char; \
YY_RESTORE_YY_MORE_OFFSET \
- (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
YY_DO_BEFORE_ACTION; /* set up yytext again */ \
} \
while ( 0 )
-#define unput(c) yyunput( c, (yytext_ptr) )
+#define unput(c) yyunput( c, yytext_ptr )
/* The following is because we cannot portably get our hands on size_t
* (without autoconf's help, which isn't available because we want
* flex-generated scanners to compile on their own).
*/
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
typedef unsigned int yy_size_t;
-#endif
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
+
struct yy_buffer_state
{
FILE *yy_input_file;
@@ -213,16 +177,12 @@ struct yy_buffer_state
*/
int yy_at_bol;
- int yy_bs_lineno; /**< The line count. */
- int yy_bs_column; /**< The column count. */
-
/* Whether to try to fill the input buffer when we reach the
* end of it.
*/
int yy_fill_buffer;
int yy_buffer_status;
-
#define YY_BUFFER_NEW 0
#define YY_BUFFER_NORMAL 1
/* When an EOF's been seen but there's still some text to process
@@ -236,33 +196,23 @@ struct yy_buffer_state
* just pointing yyin at a new input file.
*/
#define YY_BUFFER_EOF_PENDING 2
-
};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+static YY_BUFFER_STATE yy_current_buffer = 0;
/* We provide macros for accessing buffer states in case in the
* future we want to put the buffer states in a more general
* "scanner state".
- *
- * Returns the top of the stack, or NULL.
*/
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
- ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
- : NULL)
+#define YY_CURRENT_BUFFER yy_current_buffer
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
/* yy_hold_char holds the character lost when yytext is formed. */
static char yy_hold_char;
+
static int yy_n_chars; /* number of characters read into yy_ch_buf */
+
+
int yyleng;
/* Points to current character in buffer. */
@@ -275,92 +225,66 @@ static int yy_start = 0; /* start state number */
*/
static int yy_did_buffer_switch_on_eof;
-void yyrestart (FILE *input_file );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size );
-void yy_delete_buffer (YY_BUFFER_STATE b );
-void yy_flush_buffer (YY_BUFFER_STATE b );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer );
-void yypop_buffer_state (void );
+void yyrestart YY_PROTO(( FILE *input_file ));
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file );
+void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
+void yy_load_buffer_state YY_PROTO(( void ));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
+void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
+void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
+YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len );
-
-void *yyalloc (yy_size_t );
-void *yyrealloc (void *,yy_size_t );
-void yyfree (void * );
+static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
+static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
+static void yy_flex_free YY_PROTO(( void * ));
#define yy_new_buffer yy_create_buffer
#define yy_set_interactive(is_interactive) \
{ \
- if ( ! YY_CURRENT_BUFFER ){ \
- yyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- yy_create_buffer(yyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+ if ( ! yy_current_buffer ) \
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ yy_current_buffer->yy_is_interactive = is_interactive; \
}
#define yy_set_bol(at_bol) \
{ \
- if ( ! YY_CURRENT_BUFFER ){\
- yyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- yy_create_buffer(yyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+ if ( ! yy_current_buffer ) \
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ yy_current_buffer->yy_at_bol = at_bol; \
}
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
+#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
typedef unsigned char YY_CHAR;
-
FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
extern char *yytext;
#define yytext_ptr yytext
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[] );
+static yy_state_type yy_get_previous_state YY_PROTO(( void ));
+static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
+static int yy_get_next_buffer YY_PROTO(( void ));
+static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
/* Done after the current pattern has been matched and before the
* corresponding action - sets up yytext.
*/
#define YY_DO_BEFORE_ACTION \
- (yytext_ptr) = yy_bp; \
- yyleng = (size_t) (yy_cp - yy_bp); \
- (yy_hold_char) = *yy_cp; \
+ yytext_ptr = yy_bp; \
+ yyleng = (int) (yy_cp - yy_bp); \
+ yy_hold_char = *yy_cp; \
*yy_cp = '\0'; \
- (yy_c_buf_p) = yy_cp;
+ yy_c_buf_p = yy_cp;
#define YY_NUM_RULES 16
#define YY_END_OF_BUFFER 17
-/* This struct is not used in this scanner,
- but its presence is necessary. */
-struct yy_trans_info
- {
- flex_int32_t yy_verify;
- flex_int32_t yy_nxt;
- };
-static yyconst flex_int16_t yy_accept[46] =
+static yyconst short int yy_accept[46] =
{ 0,
0, 0, 17, 15, 11, 12, 13, 10, 9, 14,
14, 14, 14, 10, 9, 14, 3, 14, 14, 1,
@@ -369,7 +293,7 @@ static yyconst flex_int16_t yy_accept[46] =
14, 4, 14, 2, 0
} ;
-static yyconst flex_int32_t yy_ec[256] =
+static yyconst int yy_ec[256] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -401,14 +325,14 @@ static yyconst flex_int32_t yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst flex_int32_t yy_meta[23] =
+static yyconst int yy_meta[23] =
{ 0,
1, 1, 2, 1, 1, 3, 3, 3, 3, 3,
3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
3, 3
} ;
-static yyconst flex_int16_t yy_base[48] =
+static yyconst short int yy_base[48] =
{ 0,
0, 0, 56, 57, 57, 57, 57, 0, 49, 0,
12, 13, 34, 0, 47, 0, 0, 40, 31, 0,
@@ -417,7 +341,7 @@ static yyconst flex_int16_t yy_base[48] =
12, 0, 14, 0, 57, 34, 23
} ;
-static yyconst flex_int16_t yy_def[48] =
+static yyconst short int yy_def[48] =
{ 0,
45, 1, 45, 45, 45, 45, 45, 46, 47, 47,
47, 47, 47, 46, 47, 47, 47, 47, 47, 47,
@@ -426,7 +350,7 @@ static yyconst flex_int16_t yy_def[48] =
47, 47, 47, 47, 0, 45, 45
} ;
-static yyconst flex_int16_t yy_nxt[80] =
+static yyconst short int yy_nxt[80] =
{ 0,
4, 5, 6, 7, 8, 9, 10, 10, 10, 10,
10, 10, 11, 10, 12, 10, 10, 10, 13, 10,
@@ -438,7 +362,7 @@ static yyconst flex_int16_t yy_nxt[80] =
45, 45, 45, 45, 45, 45, 45, 45, 45
} ;
-static yyconst flex_int16_t yy_chk[80] =
+static yyconst short int yy_chk[80] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -453,9 +377,6 @@ static yyconst flex_int16_t yy_chk[80] =
static yy_state_type yy_last_accepting_state;
static char *yy_last_accepting_cpos;
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
/* The intent behind this definition is that it'll catch
* any uses of REJECT which flex missed.
*/
@@ -465,6 +386,7 @@ int yy_flex_debug = 0;
#define YY_RESTORE_YY_MORE_OFFSET
char *yytext;
#line 1 "lex.l"
+#define INITIAL 0
#line 2 "lex.l"
/*
* Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
@@ -520,21 +442,7 @@ static int getstring(void);
#undef ECHO
-#line 524 "lex.yy.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
+#line 446 "lex.yy.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
@@ -542,30 +450,65 @@ static int getstring(void);
#ifndef YY_SKIP_YYWRAP
#ifdef __cplusplus
-extern "C" int yywrap (void );
+extern "C" int yywrap YY_PROTO(( void ));
#else
-extern int yywrap (void );
+extern int yywrap YY_PROTO(( void ));
+#endif
#endif
+
+#ifndef YY_NO_UNPUT
+static void yyunput YY_PROTO(( int c, char *buf_ptr ));
#endif
- static void yyunput (int c,char *buf_ptr );
-
#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
+static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
#endif
#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
+static int yy_flex_strlen YY_PROTO(( yyconst char * ));
#endif
#ifndef YY_NO_INPUT
-
#ifdef __cplusplus
-static int yyinput (void );
+static int yyinput YY_PROTO(( void ));
#else
-static int input (void );
+static int input YY_PROTO(( void ));
+#endif
+#endif
+
+#if YY_STACK_USED
+static int yy_start_stack_ptr = 0;
+static int yy_start_stack_depth = 0;
+static int *yy_start_stack = 0;
+#ifndef YY_NO_PUSH_STATE
+static void yy_push_state YY_PROTO(( int new_state ));
+#endif
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state YY_PROTO(( void ));
+#endif
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state YY_PROTO(( void ));
#endif
+#else
+#define YY_NO_PUSH_STATE 1
+#define YY_NO_POP_STATE 1
+#define YY_NO_TOP_STATE 1
+#endif
+
+#ifdef YY_MALLOC_DECL
+YY_MALLOC_DECL
+#else
+#if __STDC__
+#ifndef __cplusplus
+#include <stdlib.h>
+#endif
+#else
+/* Just try to get by without declaring the routines. This will fail
+ * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+ * or sizeof(void*) != sizeof(int).
+ */
+#endif
#endif
/* Amount of stuff to slurp up with each read. */
@@ -574,6 +517,7 @@ static int input (void );
#endif
/* Copy whatever the last rule matched to the standard output. */
+
#ifndef ECHO
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
@@ -586,10 +530,9 @@ static int input (void );
*/
#ifndef YY_INPUT
#define YY_INPUT(buf,result,max_size) \
- if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+ if ( yy_current_buffer->yy_is_interactive ) \
{ \
- int c = '*'; \
- size_t n; \
+ int c = '*', n; \
for ( n = 0; n < max_size && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
@@ -599,22 +542,9 @@ static int input (void );
YY_FATAL_ERROR( "input in flex scanner failed" ); \
result = n; \
} \
- else \
- { \
- errno=0; \
- while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
- { \
- if( errno != EINTR) \
- { \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- break; \
- } \
- errno=0; \
- clearerr(yyin); \
- } \
- }\
-\
-
+ else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
+ && ferror( yyin ) ) \
+ YY_FATAL_ERROR( "input in flex scanner failed" );
#endif
/* No semi-colon after return; correct usage is to write "yyterminate();" -
@@ -635,18 +565,12 @@ static int input (void );
#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
#endif
-/* end tables serialization structures and prototypes */
-
/* Default declaration of generated scanner - a define so the user can
* easily add parameters.
*/
#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
+#define YY_DECL int yylex YY_PROTO(( void ))
+#endif
/* Code executed at the beginning of each rule, after yytext and yyleng
* have been set up.
@@ -663,28 +587,26 @@ extern int yylex (void);
#define YY_RULE_SETUP \
YY_USER_ACTION
-/** The main scanner function which does all the work.
- */
YY_DECL
-{
+ {
register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
+ register char *yy_cp = NULL, *yy_bp = NULL;
register int yy_act;
-
+
#line 59 "lex.l"
-#line 677 "lex.yy.c"
+#line 599 "lex.yy.c"
- if ( (yy_init) )
+ if ( yy_init )
{
- (yy_init) = 0;
+ yy_init = 0;
#ifdef YY_USER_INIT
YY_USER_INIT;
#endif
- if ( ! (yy_start) )
- (yy_start) = 1; /* first start state */
+ if ( ! yy_start )
+ yy_start = 1; /* first start state */
if ( ! yyin )
yyin = stdin;
@@ -692,36 +614,34 @@ YY_DECL
if ( ! yyout )
yyout = stdout;
- if ( ! YY_CURRENT_BUFFER ) {
- yyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- yy_create_buffer(yyin,YY_BUF_SIZE );
- }
+ if ( ! yy_current_buffer )
+ yy_current_buffer =
+ yy_create_buffer( yyin, YY_BUF_SIZE );
- yy_load_buffer_state( );
+ yy_load_buffer_state();
}
while ( 1 ) /* loops until end-of-file is reached */
{
- yy_cp = (yy_c_buf_p);
+ yy_cp = yy_c_buf_p;
/* Support of yytext. */
- *yy_cp = (yy_hold_char);
+ *yy_cp = yy_hold_char;
/* yy_bp points to the position in yy_ch_buf of the start of
* the current run.
*/
yy_bp = yy_cp;
- yy_current_state = (yy_start);
+ yy_current_state = yy_start;
yy_match:
do
{
register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
if ( yy_accept[yy_current_state] )
{
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
}
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
@@ -738,22 +658,24 @@ yy_find_action:
yy_act = yy_accept[yy_current_state];
if ( yy_act == 0 )
{ /* have to back up */
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
yy_act = yy_accept[yy_current_state];
}
YY_DO_BEFORE_ACTION;
+
do_action: /* This label is used only to access EOF actions. */
+
switch ( yy_act )
{ /* beginning of action switch */
case 0: /* must back up */
/* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = (yy_hold_char);
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
+ *yy_cp = yy_hold_char;
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
goto yy_find_action;
case 1:
@@ -812,7 +734,6 @@ YY_RULE_SETUP
;
YY_BREAK
case 12:
-/* rule 12 can match eol */
YY_RULE_SETUP
#line 71 "lex.l"
{ lineno++; }
@@ -837,33 +758,33 @@ YY_RULE_SETUP
#line 75 "lex.l"
ECHO;
YY_BREAK
-#line 841 "lex.yy.c"
+#line 762 "lex.yy.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
case YY_END_OF_BUFFER:
{
/* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+ int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
/* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = (yy_hold_char);
+ *yy_cp = yy_hold_char;
YY_RESTORE_YY_MORE_OFFSET
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+ if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
{
/* We're scanning a new file or input source. It's
* possible that this happened because the user
* just pointed yyin at a new source and called
* yylex(). If so, then we have to assure
- * consistency between YY_CURRENT_BUFFER and our
+ * consistency between yy_current_buffer and our
* globals. Here is the right place to do so, because
* this is the first action (other than possibly a
* back-up) that will match for the new input source.
*/
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yy_current_buffer->yy_input_file = yyin;
+ yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
}
/* Note that here we test for yy_c_buf_p "<=" to the position
@@ -873,13 +794,13 @@ case YY_STATE_EOF(INITIAL):
* end-of-buffer state). Contrast this with the test
* in input().
*/
- if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+ if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
{ /* This was really a NUL. */
yy_state_type yy_next_state;
- (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+ yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
- yy_current_state = yy_get_previous_state( );
+ yy_current_state = yy_get_previous_state();
/* Okay, we're now positioned to make the NUL
* transition. We couldn't have
@@ -892,30 +813,30 @@ case YY_STATE_EOF(INITIAL):
yy_next_state = yy_try_NUL_trans( yy_current_state );
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
if ( yy_next_state )
{
/* Consume the NUL. */
- yy_cp = ++(yy_c_buf_p);
+ yy_cp = ++yy_c_buf_p;
yy_current_state = yy_next_state;
goto yy_match;
}
else
{
- yy_cp = (yy_c_buf_p);
+ yy_cp = yy_c_buf_p;
goto yy_find_action;
}
}
- else switch ( yy_get_next_buffer( ) )
+ else switch ( yy_get_next_buffer() )
{
case EOB_ACT_END_OF_FILE:
{
- (yy_did_buffer_switch_on_eof) = 0;
+ yy_did_buffer_switch_on_eof = 0;
- if ( yywrap( ) )
+ if ( yywrap() )
{
/* Note: because we've taken care in
* yy_get_next_buffer() to have set up
@@ -926,7 +847,7 @@ case YY_STATE_EOF(INITIAL):
* YY_NULL, it'll still work - another
* YY_NULL will get returned.
*/
- (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
yy_act = YY_STATE_EOF(YY_START);
goto do_action;
@@ -934,30 +855,30 @@ case YY_STATE_EOF(INITIAL):
else
{
- if ( ! (yy_did_buffer_switch_on_eof) )
+ if ( ! yy_did_buffer_switch_on_eof )
YY_NEW_FILE;
}
break;
}
case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) =
- (yytext_ptr) + yy_amount_of_matched_text;
+ yy_c_buf_p =
+ yytext_ptr + yy_amount_of_matched_text;
- yy_current_state = yy_get_previous_state( );
+ yy_current_state = yy_get_previous_state();
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
goto yy_match;
case EOB_ACT_LAST_MATCH:
- (yy_c_buf_p) =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+ yy_c_buf_p =
+ &yy_current_buffer->yy_ch_buf[yy_n_chars];
- yy_current_state = yy_get_previous_state( );
+ yy_current_state = yy_get_previous_state();
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
goto yy_find_action;
}
break;
@@ -968,7 +889,8 @@ case YY_STATE_EOF(INITIAL):
"fatal flex scanner internal error--no action found" );
} /* end of action switch */
} /* end of scanning one token */
-} /* end of yylex */
+ } /* end of yylex */
+
/* yy_get_next_buffer - try to read in a new buffer
*
@@ -977,20 +899,21 @@ case YY_STATE_EOF(INITIAL):
* EOB_ACT_CONTINUE_SCAN - continue scanning from current position
* EOB_ACT_END_OF_FILE - end of file
*/
-static int yy_get_next_buffer (void)
-{
- register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
- register char *source = (yytext_ptr);
+
+static int yy_get_next_buffer()
+ {
+ register char *dest = yy_current_buffer->yy_ch_buf;
+ register char *source = yytext_ptr;
register int number_to_move, i;
int ret_val;
- if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+ if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
YY_FATAL_ERROR(
"fatal flex scanner internal error--end of buffer missed" );
- if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+ if ( yy_current_buffer->yy_fill_buffer == 0 )
{ /* Don't try to fill the buffer, so this is an EOF. */
- if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+ if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
{
/* We matched a single character, the EOB, so
* treat this as a final EOF.
@@ -1010,30 +933,34 @@ static int yy_get_next_buffer (void)
/* Try to read more data. */
/* First move last chars to start of buffer. */
- number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+ number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
for ( i = 0; i < number_to_move; ++i )
*(dest++) = *(source++);
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+ if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
/* don't do the read, it's not guaranteed to return an EOF,
* just force an EOF
*/
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+ yy_current_buffer->yy_n_chars = yy_n_chars = 0;
else
{
- size_t num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ int num_to_read =
+ yy_current_buffer->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
+#ifdef YY_USES_REJECT
+ YY_FATAL_ERROR(
+"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+#else
/* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+ YY_BUFFER_STATE b = yy_current_buffer;
int yy_c_buf_p_offset =
- (int) ((yy_c_buf_p) - b->yy_ch_buf);
+ (int) (yy_c_buf_p - b->yy_ch_buf);
if ( b->yy_is_our_buffer )
{
@@ -1046,7 +973,8 @@ static int yy_get_next_buffer (void)
b->yy_ch_buf = (char *)
/* Include room in for 2 EOB chars. */
- yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 );
+ yy_flex_realloc( (void *) b->yy_ch_buf,
+ b->yy_buf_size + 2 );
}
else
/* Can't grow it, we don't own it. */
@@ -1056,35 +984,35 @@ static int yy_get_next_buffer (void)
YY_FATAL_ERROR(
"fatal error - scanner input buffer overflow" );
- (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+ yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
- num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+ num_to_read = yy_current_buffer->yy_buf_size -
number_to_move - 1;
-
+#endif
}
if ( num_to_read > YY_READ_BUF_SIZE )
num_to_read = YY_READ_BUF_SIZE;
/* Read in more data. */
- YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
- (yy_n_chars), num_to_read );
+ YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
+ yy_n_chars, num_to_read );
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+ yy_current_buffer->yy_n_chars = yy_n_chars;
}
- if ( (yy_n_chars) == 0 )
+ if ( yy_n_chars == 0 )
{
if ( number_to_move == YY_MORE_ADJ )
{
ret_val = EOB_ACT_END_OF_FILE;
- yyrestart(yyin );
+ yyrestart( yyin );
}
else
{
ret_val = EOB_ACT_LAST_MATCH;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+ yy_current_buffer->yy_buffer_status =
YY_BUFFER_EOF_PENDING;
}
}
@@ -1092,31 +1020,32 @@ static int yy_get_next_buffer (void)
else
ret_val = EOB_ACT_CONTINUE_SCAN;
- (yy_n_chars) += number_to_move;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+ yy_n_chars += number_to_move;
+ yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+ yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
- (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+ yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
return ret_val;
-}
+ }
+
/* yy_get_previous_state - get the state just before the EOB char was reached */
- static yy_state_type yy_get_previous_state (void)
-{
+static yy_state_type yy_get_previous_state()
+ {
register yy_state_type yy_current_state;
register char *yy_cp;
-
- yy_current_state = (yy_start);
- for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+ yy_current_state = yy_start;
+
+ for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
{
register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
if ( yy_accept[yy_current_state] )
{
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
}
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
@@ -1128,23 +1057,30 @@ static int yy_get_next_buffer (void)
}
return yy_current_state;
-}
+ }
+
/* yy_try_NUL_trans - try to make a transition on the NUL character
*
* synopsis
* next_state = yy_try_NUL_trans( current_state );
*/
- static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state )
-{
+
+#ifdef YY_USE_PROTOS
+static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+#else
+static yy_state_type yy_try_NUL_trans( yy_current_state )
+yy_state_type yy_current_state;
+#endif
+ {
register int yy_is_jam;
- register char *yy_cp = (yy_c_buf_p);
+ register char *yy_cp = yy_c_buf_p;
register YY_CHAR yy_c = 1;
if ( yy_accept[yy_current_state] )
{
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
}
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
@@ -1156,73 +1092,81 @@ static int yy_get_next_buffer (void)
yy_is_jam = (yy_current_state == 45);
return yy_is_jam ? 0 : yy_current_state;
-}
+ }
- static void yyunput (int c, register char * yy_bp )
-{
- register char *yy_cp;
-
- yy_cp = (yy_c_buf_p);
+
+#ifndef YY_NO_UNPUT
+#ifdef YY_USE_PROTOS
+static void yyunput( int c, register char *yy_bp )
+#else
+static void yyunput( c, yy_bp )
+int c;
+register char *yy_bp;
+#endif
+ {
+ register char *yy_cp = yy_c_buf_p;
/* undo effects of setting up yytext */
- *yy_cp = (yy_hold_char);
+ *yy_cp = yy_hold_char;
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
{ /* need to shift things up to make room */
/* +2 for EOB chars. */
- register int number_to_move = (yy_n_chars) + 2;
- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+ register int number_to_move = yy_n_chars + 2;
+ register char *dest = &yy_current_buffer->yy_ch_buf[
+ yy_current_buffer->yy_buf_size + 2];
register char *source =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+ &yy_current_buffer->yy_ch_buf[number_to_move];
- while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+ while ( source > yy_current_buffer->yy_ch_buf )
*--dest = *--source;
yy_cp += (int) (dest - source);
yy_bp += (int) (dest - source);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+ yy_current_buffer->yy_n_chars =
+ yy_n_chars = yy_current_buffer->yy_buf_size;
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
YY_FATAL_ERROR( "flex scanner push-back overflow" );
}
*--yy_cp = (char) c;
- (yytext_ptr) = yy_bp;
- (yy_hold_char) = *yy_cp;
- (yy_c_buf_p) = yy_cp;
-}
+
+ yytext_ptr = yy_bp;
+ yy_hold_char = *yy_cp;
+ yy_c_buf_p = yy_cp;
+ }
+#endif /* ifndef YY_NO_UNPUT */
+
#ifndef YY_NO_INPUT
#ifdef __cplusplus
- static int yyinput (void)
+static int yyinput()
#else
- static int input (void)
+static int input()
#endif
-
-{
+ {
int c;
-
- *(yy_c_buf_p) = (yy_hold_char);
- if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+ *yy_c_buf_p = yy_hold_char;
+
+ if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
{
/* yy_c_buf_p now points to the character we want to return.
* If this occurs *before* the EOB characters, then it's a
* valid NUL; if not, then we've hit the end of the buffer.
*/
- if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+ if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
/* This was really a NUL. */
- *(yy_c_buf_p) = '\0';
+ *yy_c_buf_p = '\0';
else
{ /* need more input */
- int offset = (yy_c_buf_p) - (yytext_ptr);
- ++(yy_c_buf_p);
+ int offset = yy_c_buf_p - yytext_ptr;
+ ++yy_c_buf_p;
- switch ( yy_get_next_buffer( ) )
+ switch ( yy_get_next_buffer() )
{
case EOB_ACT_LAST_MATCH:
/* This happens because yy_g_n_b()
@@ -1236,16 +1180,16 @@ static int yy_get_next_buffer (void)
*/
/* Reset buffer status. */
- yyrestart(yyin );
+ yyrestart( yyin );
- /*FALLTHROUGH*/
+ /* fall through */
case EOB_ACT_END_OF_FILE:
{
- if ( yywrap( ) )
+ if ( yywrap() )
return EOF;
- if ( ! (yy_did_buffer_switch_on_eof) )
+ if ( ! yy_did_buffer_switch_on_eof )
YY_NEW_FILE;
#ifdef __cplusplus
return yyinput();
@@ -1255,92 +1199,90 @@ static int yy_get_next_buffer (void)
}
case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) = (yytext_ptr) + offset;
+ yy_c_buf_p = yytext_ptr + offset;
break;
}
}
}
- c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */
- *(yy_c_buf_p) = '\0'; /* preserve yytext */
- (yy_hold_char) = *++(yy_c_buf_p);
+ c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
+ *yy_c_buf_p = '\0'; /* preserve yytext */
+ yy_hold_char = *++yy_c_buf_p;
+
return c;
-}
-#endif /* ifndef YY_NO_INPUT */
+ }
+#endif /* YY_NO_INPUT */
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- *
- * @note This function does not reset the start condition to @c INITIAL .
- */
- void yyrestart (FILE * input_file )
-{
-
- if ( ! YY_CURRENT_BUFFER ){
- yyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- yy_create_buffer(yyin,YY_BUF_SIZE );
+#ifdef YY_USE_PROTOS
+void yyrestart( FILE *input_file )
+#else
+void yyrestart( input_file )
+FILE *input_file;
+#endif
+ {
+ if ( ! yy_current_buffer )
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
+
+ yy_init_buffer( yy_current_buffer, input_file );
+ yy_load_buffer_state();
}
- yy_init_buffer(YY_CURRENT_BUFFER,input_file );
- yy_load_buffer_state( );
-}
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- *
- */
- void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer )
-{
-
- /* TODO. We should be able to replace this entire function body
- * with
- * yypop_buffer_state();
- * yypush_buffer_state(new_buffer);
- */
- yyensure_buffer_stack ();
- if ( YY_CURRENT_BUFFER == new_buffer )
+#ifdef YY_USE_PROTOS
+void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+#else
+void yy_switch_to_buffer( new_buffer )
+YY_BUFFER_STATE new_buffer;
+#endif
+ {
+ if ( yy_current_buffer == new_buffer )
return;
- if ( YY_CURRENT_BUFFER )
+ if ( yy_current_buffer )
{
/* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+ *yy_c_buf_p = yy_hold_char;
+ yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+ yy_current_buffer->yy_n_chars = yy_n_chars;
}
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
- yy_load_buffer_state( );
+ yy_current_buffer = new_buffer;
+ yy_load_buffer_state();
/* We don't actually know whether we did this switch during
* EOF (yywrap()) processing, but the only time this flag
* is looked at is after yywrap() is called, so it's safe
* to go ahead and always set it.
*/
- (yy_did_buffer_switch_on_eof) = 1;
-}
+ yy_did_buffer_switch_on_eof = 1;
+ }
-static void yy_load_buffer_state (void)
-{
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
- yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
- (yy_hold_char) = *(yy_c_buf_p);
-}
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- *
- * @return the allocated buffer state.
- */
- YY_BUFFER_STATE yy_create_buffer (FILE * file, int size )
-{
+#ifdef YY_USE_PROTOS
+void yy_load_buffer_state( void )
+#else
+void yy_load_buffer_state()
+#endif
+ {
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+ yyin = yy_current_buffer->yy_input_file;
+ yy_hold_char = *yy_c_buf_p;
+ }
+
+
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+#else
+YY_BUFFER_STATE yy_create_buffer( file, size )
+FILE *file;
+int size;
+#endif
+ {
YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
+
+ b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
@@ -1349,75 +1291,75 @@ static void yy_load_buffer_state (void)
/* yy_ch_buf has to be 2 characters longer than the size given because
* we need to put in 2 end-of-buffer characters.
*/
- b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 );
+ b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
if ( ! b->yy_ch_buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
b->yy_is_our_buffer = 1;
- yy_init_buffer(b,file );
+ yy_init_buffer( b, file );
return b;
-}
+ }
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- *
- */
- void yy_delete_buffer (YY_BUFFER_STATE b )
-{
-
+
+#ifdef YY_USE_PROTOS
+void yy_delete_buffer( YY_BUFFER_STATE b )
+#else
+void yy_delete_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+ {
if ( ! b )
return;
- if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
- YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+ if ( b == yy_current_buffer )
+ yy_current_buffer = (YY_BUFFER_STATE) 0;
if ( b->yy_is_our_buffer )
- yyfree((void *) b->yy_ch_buf );
+ yy_flex_free( (void *) b->yy_ch_buf );
- yyfree((void *) b );
-}
+ yy_flex_free( (void *) b );
+ }
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
- static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
-{
- int oerrno = errno;
-
- yy_flush_buffer(b );
+
+#ifdef YY_USE_PROTOS
+void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+#else
+void yy_init_buffer( b, file )
+YY_BUFFER_STATE b;
+FILE *file;
+#endif
+
+
+ {
+ yy_flush_buffer( b );
b->yy_input_file = file;
b->yy_fill_buffer = 1;
- /* If b is the current buffer, then yy_init_buffer was _probably_
- * called from yyrestart() or through yy_get_next_buffer.
- * In that case, we don't want to reset the lineno or column.
- */
- if (b != YY_CURRENT_BUFFER){
- b->yy_bs_lineno = 1;
- b->yy_bs_column = 0;
- }
+#if YY_ALWAYS_INTERACTIVE
+ b->yy_is_interactive = 1;
+#else
+#if YY_NEVER_INTERACTIVE
+ b->yy_is_interactive = 0;
+#else
+ b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+#endif
+#endif
+ }
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-
- errno = oerrno;
-}
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- *
- */
- void yy_flush_buffer (YY_BUFFER_STATE b )
-{
- if ( ! b )
+#ifdef YY_USE_PROTOS
+void yy_flush_buffer( YY_BUFFER_STATE b )
+#else
+void yy_flush_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+
+ {
+ if ( ! b )
return;
b->yy_n_chars = 0;
@@ -1434,121 +1376,29 @@ extern int isatty (int );
b->yy_at_bol = 1;
b->yy_buffer_status = YY_BUFFER_NEW;
- if ( b == YY_CURRENT_BUFFER )
- yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- * the current state. This function will allocate the stack
- * if necessary.
- * @param new_buffer The new state.
- *
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
- if (new_buffer == NULL)
- return;
-
- yyensure_buffer_stack();
-
- /* This block is copied from yy_switch_to_buffer. */
- if ( YY_CURRENT_BUFFER )
- {
- /* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- /* Only push if top exists. Otherwise, replace top. */
- if (YY_CURRENT_BUFFER)
- (yy_buffer_stack_top)++;
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
- /* copied from yy_switch_to_buffer. */
- yy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- * The next element becomes the new top.
- *
- */
-void yypop_buffer_state (void)
-{
- if (!YY_CURRENT_BUFFER)
- return;
-
- yy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- if ((yy_buffer_stack_top) > 0)
- --(yy_buffer_stack_top);
-
- if (YY_CURRENT_BUFFER) {
- yy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
+ if ( b == yy_current_buffer )
+ yy_load_buffer_state();
}
-}
-/* Allocates the stack if it does not exist.
- * Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
- int num_to_alloc;
-
- if (!(yy_buffer_stack)) {
-
- /* First allocation is just for 2 elements, since we don't know if this
- * scanner will even need a stack. We use 2 instead of 1 to avoid an
- * immediate realloc on the next call.
- */
- num_to_alloc = 1;
- (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
- (num_to_alloc * sizeof(struct yy_buffer_state*)
- );
-
- memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-
- (yy_buffer_stack_max) = num_to_alloc;
- (yy_buffer_stack_top) = 0;
- return;
- }
-
- if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
- /* Increase the buffer to prepare for a possible push. */
- int grow_size = 8 /* arbitrary grow size */;
- num_to_alloc = (yy_buffer_stack_max) + grow_size;
- (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
- ((yy_buffer_stack),
- num_to_alloc * sizeof(struct yy_buffer_state*)
- );
-
- /* zero only the new slots.*/
- memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
- (yy_buffer_stack_max) = num_to_alloc;
- }
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
-{
+#ifndef YY_NO_SCAN_BUFFER
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+#else
+YY_BUFFER_STATE yy_scan_buffer( base, size )
+char *base;
+yy_size_t size;
+#endif
+ {
YY_BUFFER_STATE b;
-
+
if ( size < 2 ||
base[size-2] != YY_END_OF_BUFFER_CHAR ||
base[size-1] != YY_END_OF_BUFFER_CHAR )
/* They forgot to leave room for the EOB's. */
return 0;
- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
+ b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
@@ -1562,42 +1412,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
b->yy_fill_buffer = 0;
b->yy_buffer_status = YY_BUFFER_NEW;
- yy_switch_to_buffer(b );
+ yy_switch_to_buffer( b );
return b;
-}
+ }
+#endif
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param yy_str a NUL-terminated string to scan
- *
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- * yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str )
-{
-
- return yy_scan_bytes(yy_str,strlen(yy_str) );
-}
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len )
-{
+#ifndef YY_NO_SCAN_STRING
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+#else
+YY_BUFFER_STATE yy_scan_string( yy_str )
+yyconst char *yy_str;
+#endif
+ {
+ int len;
+ for ( len = 0; yy_str[len]; ++len )
+ ;
+
+ return yy_scan_bytes( yy_str, len );
+ }
+#endif
+
+
+#ifndef YY_NO_SCAN_BYTES
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+#else
+YY_BUFFER_STATE yy_scan_bytes( bytes, len )
+yyconst char *bytes;
+int len;
+#endif
+ {
YY_BUFFER_STATE b;
char *buf;
yy_size_t n;
int i;
-
+
/* Get memory for full buffer, including space for trailing EOB's. */
n = len + 2;
- buf = (char *) yyalloc(n );
+ buf = (char *) yy_flex_alloc( n );
if ( ! buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
@@ -1606,7 +1461,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len )
buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
- b = yy_scan_buffer(buf,n );
+ b = yy_scan_buffer( buf, n );
if ( ! b )
YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
@@ -1616,164 +1471,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len )
b->yy_is_our_buffer = 1;
return b;
-}
+ }
+#endif
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
+
+#ifndef YY_NO_PUSH_STATE
+#ifdef YY_USE_PROTOS
+static void yy_push_state( int new_state )
+#else
+static void yy_push_state( new_state )
+int new_state;
#endif
+ {
+ if ( yy_start_stack_ptr >= yy_start_stack_depth )
+ {
+ yy_size_t new_size;
-static void yy_fatal_error (yyconst char* msg )
-{
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
-}
+ yy_start_stack_depth += YY_START_STACK_INCR;
+ new_size = yy_start_stack_depth * sizeof( int );
-/* Redefine yyless() so it works in section 3 code. */
+ if ( ! yy_start_stack )
+ yy_start_stack = (int *) yy_flex_alloc( new_size );
-#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- yytext[yyleng] = (yy_hold_char); \
- (yy_c_buf_p) = yytext + yyless_macro_arg; \
- (yy_hold_char) = *(yy_c_buf_p); \
- *(yy_c_buf_p) = '\0'; \
- yyleng = yyless_macro_arg; \
- } \
- while ( 0 )
+ else
+ yy_start_stack = (int *) yy_flex_realloc(
+ (void *) yy_start_stack, new_size );
-/* Accessor methods (get/set functions) to struct members. */
+ if ( ! yy_start_stack )
+ YY_FATAL_ERROR(
+ "out of memory expanding start-condition stack" );
+ }
-/** Get the current line number.
- *
- */
-int yyget_lineno (void)
-{
-
- return yylineno;
-}
+ yy_start_stack[yy_start_stack_ptr++] = YY_START;
-/** Get the input stream.
- *
- */
-FILE *yyget_in (void)
-{
- return yyin;
-}
+ BEGIN(new_state);
+ }
+#endif
-/** Get the output stream.
- *
- */
-FILE *yyget_out (void)
-{
- return yyout;
-}
-/** Get the length of the current token.
- *
- */
-int yyget_leng (void)
-{
- return yyleng;
-}
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state()
+ {
+ if ( --yy_start_stack_ptr < 0 )
+ YY_FATAL_ERROR( "start-condition stack underflow" );
-/** Get the current token.
- *
- */
+ BEGIN(yy_start_stack[yy_start_stack_ptr]);
+ }
+#endif
-char *yyget_text (void)
-{
- return yytext;
-}
-/** Set the current line number.
- * @param line_number
- *
- */
-void yyset_lineno (int line_number )
-{
-
- yylineno = line_number;
-}
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state()
+ {
+ return yy_start_stack[yy_start_stack_ptr - 1];
+ }
+#endif
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- *
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE * in_str )
-{
- yyin = in_str ;
-}
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
-void yyset_out (FILE * out_str )
-{
- yyout = out_str ;
-}
+#ifdef YY_USE_PROTOS
+static void yy_fatal_error( yyconst char msg[] )
+#else
+static void yy_fatal_error( msg )
+char msg[];
+#endif
+ {
+ (void) fprintf( stderr, "%s\n", msg );
+ exit( YY_EXIT_FAILURE );
+ }
-int yyget_debug (void)
-{
- return yy_flex_debug;
-}
-void yyset_debug (int bdebug )
-{
- yy_flex_debug = bdebug ;
-}
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy (void)
-{
-
- /* Pop the buffer stack, destroying each element. */
- while(YY_CURRENT_BUFFER){
- yy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- yypop_buffer_state();
- }
+/* Redefine yyless() so it works in section 3 code. */
- /* Destroy the stack itself. */
- yyfree((yy_buffer_stack) );
- (yy_buffer_stack) = NULL;
+#undef yyless
+#define yyless(n) \
+ do \
+ { \
+ /* Undo effects of setting up yytext. */ \
+ yytext[yyleng] = yy_hold_char; \
+ yy_c_buf_p = yytext + n; \
+ yy_hold_char = *yy_c_buf_p; \
+ *yy_c_buf_p = '\0'; \
+ yyleng = n; \
+ } \
+ while ( 0 )
- return 0;
-}
-/*
- * Internal utility routines.
- */
+/* Internal utility routines. */
#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
+#ifdef YY_USE_PROTOS
+static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+#else
+static void yy_flex_strncpy( s1, s2, n )
+char *s1;
+yyconst char *s2;
+int n;
+#endif
+ {
register int i;
- for ( i = 0; i < n; ++i )
+ for ( i = 0; i < n; ++i )
s1[i] = s2[i];
-}
+ }
#endif
#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
+#ifdef YY_USE_PROTOS
+static int yy_flex_strlen( yyconst char *s )
+#else
+static int yy_flex_strlen( s )
+yyconst char *s;
+#endif
+ {
register int n;
- for ( n = 0; s[n]; ++n )
+ for ( n = 0; s[n]; ++n )
;
return n;
-}
+ }
#endif
-void *yyalloc (yy_size_t size )
-{
+
+#ifdef YY_USE_PROTOS
+static void *yy_flex_alloc( yy_size_t size )
+#else
+static void *yy_flex_alloc( size )
+yy_size_t size;
+#endif
+ {
return (void *) malloc( size );
-}
+ }
-void *yyrealloc (void * ptr, yy_size_t size )
-{
+#ifdef YY_USE_PROTOS
+static void *yy_flex_realloc( void *ptr, yy_size_t size )
+#else
+static void *yy_flex_realloc( ptr, size )
+void *ptr;
+yy_size_t size;
+#endif
+ {
/* The cast to (char *) in the following accommodates both
* implementations that use char* generic pointers, and those
* that use void* generic pointers. It works with the latter
@@ -1782,31 +1621,28 @@ void *yyrealloc (void * ptr, yy_size_t size )
* as though doing an assignment.
*/
return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
- free( (char *) ptr ); /* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
+ }
-#undef YY_NEW_FILE
-#undef YY_FLUSH_BUFFER
-#undef yy_set_bol
-#undef yy_new_buffer
-#undef yy_set_interactive
-#undef yytext_ptr
-#undef YY_DO_BEFORE_ACTION
+#ifdef YY_USE_PROTOS
+static void yy_flex_free( void *ptr )
+#else
+static void yy_flex_free( ptr )
+void *ptr;
+#endif
+ {
+ free( ptr );
+ }
-#ifdef YY_DECL_IS_OURS
-#undef YY_DECL_IS_OURS
-#undef YY_DECL
+#if YY_MAIN
+int main()
+ {
+ yylex();
+ return 0;
+ }
#endif
#line 75 "lex.l"
-
#ifndef yywrap /* XXX */
int
yywrap ()
@@ -1859,4 +1695,3 @@ error_message (const char *format, ...)
va_end (args);
numerror++;
}
-
diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c
index b6bb55a9ba..32d479e372 100644
--- a/source4/heimdal/lib/des/des.c
+++ b/source4/heimdal/lib/des/des.c
@@ -45,13 +45,14 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $");
+RCSID("$Id: des.c,v 1.17 2006/04/14 14:19:36 lha Exp $");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <krb5-types.h>
+#include <assert.h>
#include "des.h"
#include "ui.h"
@@ -514,6 +515,7 @@ DES_cfb64_encrypt(const void *in, void *out,
if (forward_encrypt) {
int i = *num;
+ assert(i >= 0);
while (length > 0) {
if (i == 0)
@@ -535,6 +537,7 @@ DES_cfb64_encrypt(const void *in, void *out,
} else {
int i = *num;
unsigned char c;
+ assert(i >= 0);
while (length > 0) {
if (i == 0) {
diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h
index cbea876521..419c7d8902 100644
--- a/source4/heimdal/lib/des/dh.h
+++ b/source4/heimdal/lib/des/dh.h
@@ -32,7 +32,7 @@
*/
/*
- * $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $
+ * $Id: dh.h,v 1.5 2006/04/20 18:16:17 lha Exp $
*/
#ifndef _HEIM_DH_H
@@ -52,7 +52,7 @@
#define DH_set_ex_data hc_DH_set_ex_data
#define DH_get_ex_data hc_DH_get_ex_data
#define DH_generate_parameters_ex hc_DH_generate_parameters_ex
-#define DH_check hc_DH_check
+#define DH_check_pubkey hc_DH_check_pubkey
#define DH_generate_key hc_DH_generate_key
#define DH_compute_key hc_DH_compute_key
diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h
index 70c0a7688c..757d0f75fb 100644
--- a/source4/heimdal/lib/des/engine.h
+++ b/source4/heimdal/lib/des/engine.h
@@ -32,7 +32,7 @@
*/
/*
- * $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $
+ * $Id: engine.h,v 1.5 2006/04/17 13:16:17 lha Exp $
*/
#ifndef _HEIM_ENGINE_H
@@ -45,6 +45,7 @@
#define ENGINE_finish hc_ENGINE_finish
#define ENGINE_get_DH hc_ENGINE_get_DH
#define ENGINE_get_RSA hc_ENGINE_get_RSA
+#define ENGINE_get_RAND hc_ENGINE_get_RAND
#define ENGINE_get_id hc_ENGINE_get_id
#define ENGINE_get_name hc_ENGINE_get_name
#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines
@@ -64,6 +65,7 @@ typedef struct hc_engine ENGINE;
#include <hcrypto/rsa.h>
#include <hcrypto/dsa.h>
#include <hcrypto/dh.h>
+#include <hcrypto/rand.h>
#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000
@@ -86,6 +88,7 @@ const char * ENGINE_get_id(const ENGINE *);
const char * ENGINE_get_name(const ENGINE *);
const RSA_METHOD * ENGINE_get_RSA(const ENGINE *);
const DH_METHOD * ENGINE_get_DH(const ENGINE *);
+const RAND_METHOD * ENGINE_get_RAND(const ENGINE *);
int ENGINE_set_default_RSA(ENGINE *);
ENGINE * ENGINE_get_default_RSA(void);
diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c
index 3f89a49bcc..475bb7314e 100644
--- a/source4/heimdal/lib/des/evp.c
+++ b/source4/heimdal/lib/des/evp.c
@@ -151,6 +151,22 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
*
*/
+static const struct hc_evp_md sha256 = {
+ 32,
+ 64,
+ sizeof(SHA256_CTX),
+ (void *)SHA256_Init,
+ (void *)SHA256_Update,
+ (void *)SHA256_Final,
+ NULL
+};
+
+const EVP_MD *
+EVP_sha256(void)
+{
+ return &sha256;
+}
+
static const struct hc_evp_md sha1 = {
20,
64,
@@ -543,6 +559,27 @@ EVP_rc2_40_cbc(void)
return &rc2_40_cbc;
}
+const EVP_CIPHER *
+EVP_rc2_64_cbc(void)
+{
+ static const EVP_CIPHER rc2_64_cbc = {
+ 0,
+ RC2_BLOCK_SIZE,
+ 8,
+ RC2_BLOCK_SIZE,
+ EVP_CIPH_CBC_MODE,
+ rc2_init,
+ rc2_do_cipher,
+ rc2_cleanup,
+ sizeof(struct rc2_cbc),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &rc2_64_cbc;
+}
+
/*
*
*/
@@ -726,3 +763,116 @@ EVP_aes_256_cbc(void)
};
return &aes_256_cbc;
}
+
+/*
+ *
+ */
+
+static const struct cipher_name {
+ const char *name;
+ const EVP_CIPHER *(*func)(void);
+} cipher_name[] = {
+ { "des-ede3-cbc", EVP_des_ede3_cbc },
+ { "aes-128-cbc", EVP_aes_128_cbc },
+ { "aes-192-cbc", EVP_aes_192_cbc },
+ { "aes-256-cbc", EVP_aes_256_cbc }
+};
+
+
+const EVP_CIPHER *
+EVP_get_cipherbyname(const char *name)
+{
+ int i;
+ for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) {
+ if (strcasecmp(cipher_name[i].name, name) == 0)
+ return (*cipher_name[i].func)();
+ }
+ return NULL;
+}
+
+
+/*
+ *
+ */
+
+#ifndef min
+#define min(a,b) (((a)>(b))?(b):(a))
+#endif
+
+int
+EVP_BytesToKey(const EVP_CIPHER *type,
+ const EVP_MD *md,
+ const void *salt,
+ const void *data, size_t datalen,
+ unsigned int count,
+ void *keydata,
+ void *ivdata)
+{
+ int ivlen, keylen, first = 0;
+ unsigned int mds = 0, i;
+ unsigned char *key = keydata;
+ unsigned char *iv = ivdata;
+ unsigned char *buf;
+ EVP_MD_CTX c;
+
+ keylen = EVP_CIPHER_key_length(type);
+ ivlen = EVP_CIPHER_iv_length(type);
+
+ if (data == NULL)
+ return keylen;
+
+ buf = malloc(EVP_MD_size(md));
+ if (buf == NULL)
+ return -1;
+
+ EVP_MD_CTX_init(&c);
+
+ first = 1;
+ while (1) {
+ EVP_DigestInit_ex(&c, md, NULL);
+ if (!first)
+ EVP_DigestUpdate(&c, buf, mds);
+ first = 0;
+ EVP_DigestUpdate(&c,data,datalen);
+
+#define PKCS5_SALT_LEN 8
+
+ if (salt)
+ EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
+
+ EVP_DigestFinal_ex(&c, buf, &mds);
+
+ for (i = 1; i < count; i++) {
+ EVP_DigestInit_ex(&c, md, NULL);
+ EVP_DigestUpdate(&c, buf, mds);
+ EVP_DigestFinal_ex(&c, buf, &mds);
+ }
+
+ i = 0;
+ if (keylen) {
+ size_t sz = min(keylen, mds);
+ if (key) {
+ memcpy(key, buf, sz);
+ key += sz;
+ }
+ keylen -= sz;
+ i += sz;
+ }
+ if (ivlen && mds > i) {
+ size_t sz = min(ivlen, (mds - i));
+ if (iv) {
+ memcpy(iv, &buf[i], sz);
+ iv += sz;
+ }
+ ivlen -= sz;
+ }
+ if (keylen == 0 && ivlen == 0)
+ break;
+ }
+
+ EVP_MD_CTX_cleanup(&c);
+ free(buf);
+
+ return EVP_CIPHER_key_length(type);
+}
+
diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h
index a04f17aabf..17d6d5fd41 100644
--- a/source4/heimdal/lib/des/evp.h
+++ b/source4/heimdal/lib/des/evp.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */
+/* $Id: evp.h,v 1.8 2006/04/21 15:00:54 lha Exp $ */
#ifndef HEIM_EVP_H
#define HEIM_EVP_H 1
@@ -79,12 +79,16 @@
#define EVP_md5 hc_EVP_md5
#define EVP_md_null hc_EVP_md_null
#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc
+#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc
#define EVP_rc2_cbc hc_EVP_rc2_cbc
#define EVP_rc4 hc_EVP_rc4
#define EVP_rc4_40 hc_EVP_rc4_40
#define EVP_sha hc_EVP_sha
#define EVP_sha1 hc_EVP_sha1
+#define EVP_sha256 hc_EVP_sha256
#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1
+#define EVP_BytesToKey hc_EVP_BytesToKey
+#define EVP_get_cipherbyname hc_EVP_get_cipherbyname
/*
*
@@ -161,6 +165,7 @@ const EVP_MD *EVP_md4(void);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
@@ -168,6 +173,7 @@ const EVP_CIPHER * EVP_aes_256_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
const EVP_CIPHER * EVP_rc2_40_cbc(void);
+const EVP_CIPHER * EVP_rc2_64_cbc(void);
const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void);
const EVP_CIPHER * EVP_rc4_40(void);
@@ -199,6 +205,9 @@ int EVP_Digest(const void *, size_t, void *, unsigned int *,
*
*/
+const EVP_CIPHER *
+ EVP_get_cipherbyname(const char *);
+
size_t EVP_CIPHER_block_size(const EVP_CIPHER *);
size_t EVP_CIPHER_key_length(const EVP_CIPHER *);
size_t EVP_CIPHER_iv_length(const EVP_CIPHER *);
@@ -227,5 +236,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t,
unsigned long, size_t, void *);
+int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *,
+ const void *, const void *, size_t,
+ unsigned int, void *, void *);
+
#endif /* HEIM_EVP_H */
diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h
index 514fe0ced4..a57da53928 100644
--- a/source4/heimdal/lib/des/rand.h
+++ b/source4/heimdal/lib/des/rand.h
@@ -1,3 +1,4 @@
+
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
@@ -32,23 +33,64 @@
*/
/*
- * $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $
+ * $Id: rand.h,v 1.4 2006/04/17 13:23:04 lha Exp $
*/
#ifndef _HEIM_RAND_H
#define _HEIM_RAND_H 1
+typedef struct RAND_METHOD RAND_METHOD;
+
#include <hcrypto/bn.h>
+#include <hcrypto/engine.h>
/* symbol renaming */
#define RAND_bytes hc_RAND_bytes
#define RAND_pseudo_bytes hc_RAND_pseudo_bytes
+#define RAND_seed hc_RAND_seed
+#define RAND_cleanup hc_RAND_cleanup
+#define RAND_add hc_RAND_add
+#define RAND_set_rand_method hc_RAND_set_rand_method
+#define RAND_get_rand_method hc_RAND_get_rand_method
+#define RAND_set_rand_engine hc_RAND_set_rand_engine
+#define RAND_load_file hc_RAND_load_file
+#define RAND_write_file hc_RAND_write_file
+#define RAND_status hc_RAND_status
+#define RAND_egd hc_RAND_egd
+
+/*
+ *
+ */
+
+struct RAND_METHOD
+{
+ void (*seed)(const void *, int);
+ int (*bytes)(unsigned char *, int);
+ void (*cleanup)(void);
+ void (*add)(const void *, int, double);
+ int (*pseudorand)(unsigned char *, int);
+ int (*status)(void);
+};
/*
*
*/
-int RAND_bytes(void *, size_t num);
-int RAND_pseudo_bytes(void *, size_t);
+int RAND_bytes(void *, size_t num);
+int RAND_pseudo_bytes(void *, size_t);
+void RAND_seed(const void *, size_t);
+void RAND_cleanup(void);
+void RAND_add(const void *, size_t, double);
+
+int RAND_set_rand_method(const RAND_METHOD *);
+const RAND_METHOD *
+ RAND_get_rand_method(void);
+int RAND_set_rand_engine(ENGINE *);
+
+int RAND_load_file(const char *, size_t);
+int RAND_write_file(const char *);
+int RAND_status(void);
+int RAND_egd(const char *);
+
#endif /* _HEIM_RAND_H */
diff --git a/source4/heimdal/lib/des/rc2.c b/source4/heimdal/lib/des/rc2.c
index 4b4b53d52c..ed43c70605 100755
--- a/source4/heimdal/lib/des/rc2.c
+++ b/source4/heimdal/lib/des/rc2.c
@@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: rc2.c,v 1.6 2005/06/18 22:47:33 lha Exp $");
+RCSID("$Id: rc2.c,v 1.7 2006/04/09 17:03:21 lha Exp $");
#endif
#include "rc2.h"
@@ -87,6 +87,8 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
unsigned char k[128];
int j, T8, TM;
+ if (len <= 0)
+ abort();
if (len > 128)
len = 128;
if (bits <= 0 || bits > 1024)
diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h
index da9d2ea4b1..ea1dba27d8 100644
--- a/source4/heimdal/lib/des/rsa.h
+++ b/source4/heimdal/lib/des/rsa.h
@@ -32,7 +32,7 @@
*/
/*
- * $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $
+ * $Id: rsa.h,v 1.4 2006/04/16 19:38:23 lha Exp $
*/
#ifndef _HEIM_RSA_H
@@ -59,6 +59,7 @@
#define RSA_sign hc_RSA_sign
#define RSA_verify hc_RSA_verify
#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey
+#define i2d_RSAPublicKey hc_i2d_RSAPublicKey
/*
*
@@ -160,5 +161,6 @@ int RSA_verify(int, const unsigned char *, unsigned int,
unsigned char *, unsigned int, RSA *);
RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t);
+int i2d_RSAPublicKey(RSA *, unsigned char **);
#endif /* _HEIM_RSA_H */
diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h
index 4657fad51f..6021823f5c 100644
--- a/source4/heimdal/lib/des/sha.h
+++ b/source4/heimdal/lib/des/sha.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */
+/* $Id: sha.h,v 1.10 2006/04/15 07:54:11 lha Exp $ */
#ifndef HEIM_SHA_H
#define HEIM_SHA_H 1
@@ -40,9 +40,12 @@
#define SHA1_Init hc_SHA1_Init
#define SHA1_Update hc_SHA1_Update
#define SHA1_Final hc_SHA1_Final
+#define SHA256_Init hc_SHA256_Init
+#define SHA256_Update hc_SHA256_Update
+#define SHA256_Final hc_SHA256_Final
/*
- *
+ * SHA-1
*/
#define SHA_DIGEST_LENGTH 20
@@ -59,4 +62,22 @@ void SHA1_Init (struct sha *m);
void SHA1_Update (struct sha *m, const void *v, size_t len);
void SHA1_Final (void *res, struct sha *m);
+/*
+ * SHA-2 256
+ */
+
+#define SHA256_DIGEST_LENGTH 32
+
+struct hc_sha256state {
+ unsigned int sz[2];
+ u_int32_t counter[8];
+ unsigned char save[64];
+};
+
+typedef struct hc_sha256state SHA256_CTX;
+
+void SHA256_Init (SHA256_CTX *);
+void SHA256_Update (SHA256_CTX *, const void *, size_t);
+void SHA256_Final (void *, SHA256_CTX *);
+
#endif /* HEIM_SHA_H */
diff --git a/source4/heimdal/lib/des/sha256.c b/source4/heimdal/lib/des/sha256.c
new file mode 100644
index 0000000000..8c12ce504c
--- /dev/null
+++ b/source4/heimdal/lib/des/sha256.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 1995 - 2001, 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+
+RCSID("$Id: sha256.c,v 1.1 2006/04/15 07:53:07 lha Exp $");
+#endif
+
+#include "hash.h"
+#include "sha.h"
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n))))
+
+#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3))
+#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10))
+
+#define A m->counter[0]
+#define B m->counter[1]
+#define C m->counter[2]
+#define D m->counter[3]
+#define E m->counter[4]
+#define F m->counter[5]
+#define G m->counter[6]
+#define H m->counter[7]
+
+static const u_int32_t constant_256[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+void
+SHA256_Init (SHA256_CTX *m)
+{
+ m->sz[0] = 0;
+ m->sz[1] = 0;
+ A = 0x6a09e667;
+ B = 0xbb67ae85;
+ C = 0x3c6ef372;
+ D = 0xa54ff53a;
+ E = 0x510e527f;
+ F = 0x9b05688c;
+ G = 0x1f83d9ab;
+ H = 0x5be0cd19;
+}
+
+static void
+calc (SHA256_CTX *m, u_int32_t *in)
+{
+ u_int32_t AA, BB, CC, DD, EE, FF, GG, HH;
+ u_int32_t data[64];
+ int i;
+
+ AA = A;
+ BB = B;
+ CC = C;
+ DD = D;
+ EE = E;
+ FF = F;
+ GG = G;
+ HH = H;
+
+ for (i = 0; i < 16; ++i)
+ data[i] = in[i];
+ for (i = 16; i < 64; ++i)
+ data[i] = sigma1(data[i-2]) + data[i-7] +
+ sigma0(data[i-15]) + data[i - 16];
+
+ for (i = 0; i < 64; i++) {
+ u_int32_t T1, T2;
+
+ T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
+ T2 = Sigma0(AA) + Maj(AA,BB,CC);
+
+ HH = GG;
+ GG = FF;
+ FF = EE;
+ EE = DD + T1;
+ DD = CC;
+ CC = BB;
+ BB = AA;
+ AA = T1 + T2;
+ }
+
+ A += AA;
+ B += BB;
+ C += CC;
+ D += DD;
+ E += EE;
+ F += FF;
+ G += GG;
+ H += HH;
+}
+
+/*
+ * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
+ */
+
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+static inline u_int32_t
+swap_u_int32_t (u_int32_t t)
+{
+#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n)))
+ u_int32_t temp1, temp2;
+
+ temp1 = cshift(t, 16);
+ temp2 = temp1 >> 8;
+ temp1 &= 0x00ff00ff;
+ temp2 &= 0x00ff00ff;
+ temp1 <<= 8;
+ return temp1 | temp2;
+}
+#endif
+
+struct x32{
+ unsigned int a:32;
+ unsigned int b:32;
+};
+
+void
+SHA256_Update (SHA256_CTX *m, const void *v, size_t len)
+{
+ const unsigned char *p = v;
+ size_t old_sz = m->sz[0];
+ size_t offset;
+
+ m->sz[0] += len * 8;
+ if (m->sz[0] < old_sz)
+ ++m->sz[1];
+ offset = (old_sz / 8) % 64;
+ while(len > 0){
+ size_t l = min(len, 64 - offset);
+ memcpy(m->save + offset, p, l);
+ offset += l;
+ p += l;
+ len -= l;
+ if(offset == 64){
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+ int i;
+ u_int32_t current[16];
+ struct x32 *u = (struct x32*)m->save;
+ for(i = 0; i < 8; i++){
+ current[2*i+0] = swap_u_int32_t(u[i].a);
+ current[2*i+1] = swap_u_int32_t(u[i].b);
+ }
+ calc(m, current);
+#else
+ calc(m, (u_int32_t*)m->save);
+#endif
+ offset = 0;
+ }
+ }
+}
+
+void
+SHA256_Final (void *res, SHA256_CTX *m)
+{
+ unsigned char zeros[72];
+ unsigned offset = (m->sz[0] / 8) % 64;
+ unsigned int dstart = (120 - offset - 1) % 64 + 1;
+
+ *zeros = 0x80;
+ memset (zeros + 1, 0, sizeof(zeros) - 1);
+ zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
+ zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
+ zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
+ zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
+ zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
+ zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
+ zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
+ zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
+ SHA256_Update (m, zeros, dstart + 8);
+ {
+ int i;
+ unsigned char *r = (unsigned char*)res;
+
+ for (i = 0; i < 8; ++i) {
+ r[4*i+3] = m->counter[i] & 0xFF;
+ r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
+ r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
+ r[4*i] = (m->counter[i] >> 24) & 0xFF;
+ }
+ }
+}
diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c
index ebb8ee2304..9ca60a6cdd 100644
--- a/source4/heimdal/lib/gssapi/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/accept_sec_context.c
@@ -77,7 +77,6 @@ gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx)
{
krb5_keyblock *key;
int acceptor = (context_handle->more_flags & LOCAL) == 0;
- *is_cfx = 0;
if (acceptor) {
if (context_handle->auth_context->local_subkey)
diff --git a/source4/heimdal/lib/gssapi/get_mic.c b/source4/heimdal/lib/gssapi/get_mic.c
index 1c950e95d9..fc9e9aa1a9 100644
--- a/source4/heimdal/lib/gssapi/get_mic.c
+++ b/source4/heimdal/lib/gssapi/get_mic.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: get_mic.c,v 1.29 2005/01/05 02:52:12 lukeh Exp $");
+RCSID("$Id: get_mic.c,v 1.30 2006/04/02 02:12:52 lha Exp $");
static OM_uint32
mic_des
@@ -59,6 +59,7 @@ mic_des
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
+ message_token->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -150,6 +151,7 @@ mic_des3
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
+ message_token->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -179,6 +181,8 @@ mic_des3
kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (kret) {
free (message_token->value);
+ message_token->value = NULL;
+ message_token->length = 0;
free (tmp);
gssapi_krb5_set_error_string ();
*minor_status = kret;
@@ -196,6 +200,8 @@ mic_des3
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
+ message_token->value = NULL;
+ message_token->length = 0;
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
@@ -221,6 +227,8 @@ mic_des3
ETYPE_DES3_CBC_NONE, &crypto);
if (kret) {
free (message_token->value);
+ message_token->value = NULL;
+ message_token->length = 0;
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
@@ -238,6 +246,8 @@ mic_des3
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
+ message_token->value = NULL;
+ message_token->length = 0;
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h
index bd5d0db2b5..be2277b96f 100644
--- a/source4/heimdal/lib/gssapi/gssapi_locl.h
+++ b/source4/heimdal/lib/gssapi/gssapi_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */
+/* $Id: gssapi_locl.h,v 1.44 2006/04/12 17:44:05 lha Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
@@ -290,6 +290,14 @@ _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32);
OM_uint32
_gssapi_msg_order_f(OM_uint32);
+OM_uint32
+_gssapi_msg_order_import(OM_uint32 *, krb5_storage *,
+ struct gss_msg_order **);
+
+krb5_error_code
+_gssapi_msg_order_export(krb5_storage *, struct gss_msg_order *);
+
+
/* 8003 */
krb5_error_code
diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c
index be34d8b560..e363ee22f7 100644
--- a/source4/heimdal/lib/gssapi/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/init_sec_context.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.61 2005/11/02 11:52:49 lha Exp $");
+RCSID("$Id: init_sec_context.c,v 1.62 2006/04/09 18:45:18 lha Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
diff --git a/source4/heimdal/lib/gssapi/sequence.c b/source4/heimdal/lib/gssapi/sequence.c
index 973fc6ad05..2851b0a6c8 100755
--- a/source4/heimdal/lib/gssapi/sequence.c
+++ b/source4/heimdal/lib/gssapi/sequence.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: sequence.c,v 1.5 2005/04/27 17:49:43 lha Exp $");
+RCSID("$Id: sequence.c,v 1.6 2006/04/12 17:43:39 lha Exp $");
#define DEFAULT_JITTER_WINDOW 20
@@ -46,6 +46,32 @@ struct gss_msg_order {
OM_uint32 elem[1];
};
+
+/*
+ *
+ */
+
+static OM_uint32
+msg_order_alloc(OM_uint32 *minor_status,
+ struct gss_msg_order **o,
+ OM_uint32 jitter_window)
+{
+ size_t len;
+
+ len = jitter_window * sizeof((*o)->elem[0]);
+ len += sizeof(**o);
+ len -= sizeof((*o)->elem[0]);
+
+ *o = calloc(1, len);
+ if (*o == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
/*
*
*/
@@ -58,21 +84,15 @@ _gssapi_msg_order_create(OM_uint32 *minor_status,
OM_uint32 jitter_window,
int use_64)
{
- size_t len;
+ OM_uint32 ret;
if (jitter_window == 0)
jitter_window = DEFAULT_JITTER_WINDOW;
- len = jitter_window * sizeof((*o)->elem[0]);
- len += sizeof(**o);
- len -= sizeof((*o)->elem[0]);
-
- *o = malloc(len);
- if (*o == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memset(*o, 0, len);
+ ret = msg_order_alloc(minor_status, o, jitter_window);
+ if(ret != GSS_S_COMPLETE)
+ return ret;
+
(*o)->flags = flags;
(*o)->length = 0;
(*o)->first_seq = seq_num;
@@ -187,3 +207,88 @@ _gssapi_msg_order_f(OM_uint32 flags)
{
return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG);
}
+
+/*
+ * Translate `o` into inter-process format and export in to `sp'.
+ */
+
+krb5_error_code
+_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o)
+{
+ krb5_error_code kret;
+ OM_uint32 i;
+
+ kret = krb5_store_int32(sp, o->flags);
+ if (kret)
+ return kret;
+ kret = krb5_store_int32(sp, o->start);
+ if (kret)
+ return kret;
+ kret = krb5_store_int32(sp, o->length);
+ if (kret)
+ return kret;
+ kret = krb5_store_int32(sp, o->jitter_window);
+ if (kret)
+ return kret;
+ kret = krb5_store_int32(sp, o->first_seq);
+ if (kret)
+ return kret;
+
+ for (i = 0; i < o->jitter_window; i++) {
+ kret = krb5_store_int32(sp, o->elem[i]);
+ if (kret)
+ return kret;
+ }
+
+ return 0;
+}
+
+OM_uint32
+_gssapi_msg_order_import(OM_uint32 *minor_status,
+ krb5_storage *sp,
+ struct gss_msg_order **o)
+{
+ OM_uint32 ret;
+ krb5_error_code kret;
+ int32_t i, flags, start, length, jitter_window, first_seq;
+
+ kret = krb5_ret_int32(sp, &flags);
+ if (kret)
+ goto failed;
+ ret = krb5_ret_int32(sp, &start);
+ if (kret)
+ goto failed;
+ ret = krb5_ret_int32(sp, &length);
+ if (kret)
+ goto failed;
+ ret = krb5_ret_int32(sp, &jitter_window);
+ if (kret)
+ goto failed;
+ ret = krb5_ret_int32(sp, &first_seq);
+ if (kret)
+ goto failed;
+
+ ret = msg_order_alloc(minor_status, o, jitter_window);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
+
+ (*o)->flags = flags;
+ (*o)->start = start;
+ (*o)->length = length;
+ (*o)->jitter_window = jitter_window;
+ (*o)->first_seq = first_seq;
+
+ for( i = 0; i < jitter_window; i++ ) {
+ kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i]));
+ if (kret)
+ goto failed;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+
+failed:
+ _gssapi_msg_order_destroy(o);
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+}
diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c
index e5be6cf149..0c089067b6 100644
--- a/source4/heimdal/lib/gssapi/wrap.c
+++ b/source4/heimdal/lib/gssapi/wrap.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $");
+RCSID("$Id: wrap.c,v 1.32 2006/04/02 02:10:03 lha Exp $");
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
@@ -316,6 +316,7 @@ wrap_des
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
+ output_message_buffer->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -440,6 +441,7 @@ wrap_des3
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
+ output_message_buffer->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -474,6 +476,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
+ output_message_buffer->length = 0;
+ output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -489,6 +493,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
+ output_message_buffer->length = 0;
+ output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -518,6 +524,8 @@ wrap_des3
&crypto);
if (ret) {
free (output_message_buffer->value);
+ output_message_buffer->length = 0;
+ output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -536,6 +544,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
+ output_message_buffer->length = 0;
+ output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -561,6 +571,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
+ output_message_buffer->length = 0;
+ output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -570,6 +582,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
+ output_message_buffer->length = 0;
+ output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c
index c5a2efd758..0ca3846f9d 100644
--- a/source4/heimdal/lib/hdb/keys.c
+++ b/source4/heimdal/lib/hdb/keys.c
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: keys.c,v 1.3 2005/03/17 00:42:05 lha Exp $");
+RCSID("$Id: keys.c,v 1.4 2006/04/02 00:45:48 lha Exp $");
/*
* free all the memory used by (len, keys)
@@ -298,6 +298,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
&enctypes, &num_enctypes, &salt, principal);
if (ret) {
krb5_warnx(context, "bad value for default_keys `%s'", *kp);
+ ret = 0;
continue;
}
@@ -334,6 +335,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
krb5_free_salt(context, salt);
}
+ *ret_key_set = key_set;
+
out:
if (ret) {
krb5_warn(context, ret,
@@ -348,8 +351,6 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
ret = EINVAL; /* XXX */
}
- *ret_key_set = key_set;
-
return ret;
}
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index 6fb37842dc..12979eaecf 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -35,7 +35,7 @@
/* keytab backend for HDB databases */
-RCSID("$Id: keytab.c,v 1.8 2005/12/12 12:35:36 lha Exp $");
+RCSID("$Id: keytab.c,v 1.10 2006/04/02 20:20:45 lha Exp $");
struct hdb_data {
char *dbname;
@@ -76,7 +76,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
if((mkey - db) == 0) {
d->dbname = NULL;
} else {
- d->dbname = malloc(mkey - db);
+ d->dbname = malloc(mkey - db + 1);
if(d->dbname == NULL) {
free(d);
krb5_set_error_string(context, "malloc: out of memory");
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c
index 7cf2c65d89..b38104fc2d 100644
--- a/source4/heimdal/lib/krb5/acache.c
+++ b/source4/heimdal/lib/krb5/acache.c
@@ -37,7 +37,7 @@
#include <dlfcn.h>
#endif
-RCSID("$Id: acache.c,v 1.14 2005/10/03 08:44:18 lha Exp $");
+RCSID("$Id: acache.c,v 1.15 2006/03/27 04:22:23 lha Exp $");
/* XXX should we fetch these for each open ? */
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
@@ -218,7 +218,36 @@ make_cred_from_ccred(krb5_context context,
}
}
- cred->flags.b = int2TicketFlags(incred->ticket_flags); /* XXX */
+ cred->flags.i = 0;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE)
+ cred->flags.b.forwardable = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED)
+ cred->flags.b.forwarded = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE)
+ cred->flags.b.proxiable = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY)
+ cred->flags.b.proxy = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE)
+ cred->flags.b.may_postdate = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED)
+ cred->flags.b.postdated = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID)
+ cred->flags.b.invalid = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE)
+ cred->flags.b.renewable = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL)
+ cred->flags.b.initial = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH)
+ cred->flags.b.pre_authent = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH)
+ cred->flags.b.hw_authent = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED)
+ cred->flags.b.transited_policy_checked = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE)
+ cred->flags.b.ok_as_delegate = 1;
+ if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS)
+ cred->flags.b.anonymous = 1;
+
return 0;
nomem:
@@ -310,7 +339,36 @@ make_ccred_from_cred(krb5_context context,
}
cred->addresses[i] = NULL;
- cred->ticket_flags = TicketFlags2int(incred->flags.b); /* XXX */
+ cred->ticket_flags = 0;
+ if (incred->flags.b.forwardable)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
+ if (incred->flags.b.forwarded)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
+ if (incred->flags.b.proxiable)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
+ if (incred->flags.b.proxy)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
+ if (incred->flags.b.may_postdate)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
+ if (incred->flags.b.postdated)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
+ if (incred->flags.b.invalid)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
+ if (incred->flags.b.renewable)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
+ if (incred->flags.b.initial)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
+ if (incred->flags.b.pre_authent)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
+ if (incred->flags.b.hw_authent)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
+ if (incred->flags.b.transited_policy_checked)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
+ if (incred->flags.b.ok_as_delegate)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
+ if (incred->flags.b.anonymous)
+ cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
+
return 0;
fail:
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c
index cf460ba725..ebdbcfed46 100644
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $");
+RCSID("$Id: addr_families.c,v 1.51 2006/04/02 02:17:31 lha Exp $");
struct addr_operations {
int af;
@@ -1136,6 +1136,7 @@ krb5_make_addrport (krb5_context context,
if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
free (*res);
+ *res = NULL;
return ret;
}
p = (*res)->address.data;
diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c
index 1c38721b02..9eff09bb0a 100644
--- a/source4/heimdal/lib/krb5/build_auth.c
+++ b/source4/heimdal/lib/krb5/build_auth.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: build_auth.c,v 1.42 2005/01/05 02:34:53 lukeh Exp $");
+RCSID("$Id: build_auth.c,v 1.43 2006/04/10 08:53:21 lha Exp $");
static krb5_error_code
make_etypelist(krb5_context context,
@@ -116,13 +116,12 @@ krb5_build_authenticator (krb5_context context,
krb5_error_code ret;
krb5_crypto crypto;
- auth = malloc(sizeof(*auth));
+ auth = calloc(1, sizeof(*auth));
if (auth == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
- memset (auth, 0, sizeof(*auth));
auth->authenticator_vno = 5;
copy_Realm(&cred->client->realm, &auth->crealm);
copy_PrincipalName(&cred->client->name, &auth->cname);
@@ -161,10 +160,8 @@ krb5_build_authenticator (krb5_context context,
/* XXX - Copy more to auth_context? */
- if (auth_context) {
- auth_context->authenticator->ctime = auth->ctime;
- auth_context->authenticator->cusec = auth->cusec;
- }
+ auth_context->authenticator->ctime = auth->ctime;
+ auth_context->authenticator->cusec = auth->cusec;
ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
if (ret)
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index efb2ad1374..b21d42d653 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $");
+RCSID("$Id: cache.c,v 1.79 2006/04/02 00:54:48 lha Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@@ -316,7 +316,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
}
if (append == NULL) {
free(*res);
- res = NULL;
+ *res = NULL;
krb5_set_error_string(context, "malloc - out of memory");
return ENOMEM;
}
@@ -324,6 +324,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
tlen = strlen(append);
tmp = realloc(*res, len + tlen + 1);
if (tmp == NULL) {
+ free(append);
free(*res);
*res = NULL;
krb5_set_error_string(context, "malloc - out of memory");
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 86e286c638..66051303ed 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: config_file.c,v 1.53 2005/06/16 20:22:53 lha Exp $");
+RCSID("$Id: config_file.c,v 1.54 2006/04/02 00:59:19 lha Exp $");
#ifndef HAVE_NETINFO
@@ -574,7 +574,7 @@ krb5_config_vget_strings(krb5_context context,
}
if(nstr){
char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
- if(strings == NULL)
+ if(tmp == NULL)
goto cleanup;
strings = tmp;
strings[nstr] = NULL;
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 039484c650..3a90995283 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $");
+RCSID("$Id: crypto.c,v 1.134 2006/04/10 08:58:53 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -4096,7 +4096,7 @@ krb5_string_to_key_derived(krb5_context context,
struct encryption_type *et = _find_enctype(etype);
krb5_error_code ret;
struct key_data kd;
- size_t keylen = et->keytype->bits / 8;
+ size_t keylen;
u_char *tmp;
if(et == NULL) {
@@ -4104,6 +4104,8 @@ krb5_string_to_key_derived(krb5_context context,
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
+ keylen = et->keytype->bits / 8;
+
ALLOC(kd.key, 1);
if(kd.key == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c
index 9cf1410e70..3192c4c64f 100644
--- a/source4/heimdal/lib/krb5/data.c
+++ b/source4/heimdal/lib/krb5/data.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: data.c,v 1.19 2004/05/25 21:22:23 lha Exp $");
+RCSID("$Id: data.c,v 1.20 2006/04/02 01:06:07 lha Exp $");
void KRB5_LIB_FUNCTION
krb5_data_zero(krb5_data *p)
@@ -114,6 +114,7 @@ krb5_copy_data(krb5_context context,
if(ret) {
krb5_clear_error_string (context);
free(*outdata);
+ *outdata = NULL;
}
return ret;
}
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c
index f8ebe837b7..79b809d2a2 100644
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $");
+RCSID("$Id: fcache.c,v 1.52 2006/04/02 01:04:37 lha Exp $");
typedef struct krb5_fcache{
char *filename;
@@ -269,10 +269,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
}
fd = mkstemp(file);
if(fd < 0) {
+ int ret = errno;
+ krb5_set_error_string(context, "mkstemp %s", file);
free(f);
free(file);
- krb5_set_error_string(context, "mkstemp %s", file);
- return errno;
+ return ret;
}
close(fd);
f->filename = file;
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index dafe668b5d..661d05663b 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@@ -180,10 +180,7 @@ krb5_get_forwarded_creds (krb5_context context,
addrs.len = 0;
addrs.val = NULL;
- if (in_creds->client && in_creds->client->realm)
- realm = in_creds->client->realm;
- else
- realm = in_creds->server->realm;
+ realm = in_creds->client->realm;
krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever",
TRUE, &noaddr_ever);
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c
index 316c2f02eb..88de280a00 100644
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $");
+RCSID("$Id: init_creds.c,v 1.23 2006/04/02 01:08:30 lha Exp $");
void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@@ -75,7 +75,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context,
krb5_get_init_creds_opt *opt;
*out = NULL;
- opt = malloc(sizeof(*opt));
+ opt = calloc(1, sizeof(*opt));
if (opt == NULL) {
krb5_set_error_string(context, "out of memory");
return ENOMEM;
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index 3c694624bf..489a88a31b 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds_pw.c,v 1.90 2005/10/12 12:45:11 lha Exp $");
+RCSID("$Id: init_creds_pw.c,v 1.92 2006/04/02 01:20:15 lha Exp $");
typedef struct krb5_get_init_creds_ctx {
krb5_kdc_flags flags;
@@ -79,8 +79,10 @@ default_s2k_func(krb5_context context, krb5_enctype type,
return ENOMEM;
ret = krb5_string_to_key_data_salt_opaque(context, type, password,
salt, opaque, *key);
- if (ret)
+ if (ret) {
free(*key);
+ *key = NULL;
+ }
return ret;
}
@@ -545,23 +547,14 @@ init_creds_init_as_req (krb5_context context,
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
- if (creds->client) {
- ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
- if (ret)
- goto fail;
- ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
- if (ret)
- goto fail;
- } else {
- krb5_realm realm;
- a->req_body.cname = NULL;
- ret = krb5_get_default_realm(context, &realm);
- if (ret)
- goto fail;
- ret = copy_Realm(&realm, &a->req_body.realm);
- free(realm);
- }
+ ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
+ if (ret)
+ goto fail;
+ ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
+ if (ret)
+ goto fail;
+
ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
if (ret)
goto fail;
diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c
index 667788c69d..d5130aaad8 100644
--- a/source4/heimdal/lib/krb5/keytab_any.c
+++ b/source4/heimdal/lib/krb5/keytab_any.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $");
+RCSID("$Id: keytab_any.c,v 1.8 2006/04/10 09:20:13 lha Exp $");
struct any_data {
krb5_keytab kt;
@@ -162,23 +162,22 @@ any_next_entry (krb5_context context,
ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
if (ret == 0)
return 0;
- else if (ret == KRB5_KT_END) {
- ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
- if (ret2)
- return ret2;
- while ((ed->a = ed->a->next) != NULL) {
- ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
- if (ret2 == 0)
- break;
- }
- if (ed->a == NULL) {
- krb5_clear_error_string (context);
- return KRB5_KT_END;
- }
- } else
+ else if (ret != KRB5_KT_END)
return ret;
- } while (ret == KRB5_KT_END);
- return ret;
+
+ ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
+ if (ret2)
+ return ret2;
+ while ((ed->a = ed->a->next) != NULL) {
+ ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+ if (ret2 == 0)
+ break;
+ }
+ if (ed->a == NULL) {
+ krb5_clear_error_string (context);
+ return KRB5_KT_END;
+ }
+ } while (1);
}
static krb5_error_code
diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c
index 6ff2680ed1..f9a76e634a 100644
--- a/source4/heimdal/lib/krb5/keytab_file.c
+++ b/source4/heimdal/lib/krb5/keytab_file.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_file.c,v 1.20 2005/07/13 06:08:07 lha Exp $");
+RCSID("$Id: keytab_file.c,v 1.22 2006/04/07 21:57:31 lha Exp $");
#define KRB5_KT_VNO_1 1
#define KRB5_KT_VNO_2 2
@@ -164,7 +164,7 @@ krb5_kt_ret_principal(krb5_context context,
int i;
int ret;
krb5_principal p;
- int16_t tmp;
+ int16_t len;
ALLOC(p, 1);
if(p == NULL) {
@@ -172,25 +172,34 @@ krb5_kt_ret_principal(krb5_context context,
return ENOMEM;
}
- ret = krb5_ret_int16(sp, &tmp);
- if(ret)
- return ret;
+ ret = krb5_ret_int16(sp, &len);
+ if(ret) {
+ krb5_set_error_string(context,
+ "Failed decoding length of keytab principal");
+ goto out;
+ }
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
- tmp--;
- p->name.name_string.len = tmp;
+ len--;
+ if (len < 0) {
+ krb5_set_error_string(context,
+ "Keytab principal contains invalid length");
+ ret = KRB5_KT_END;
+ goto out;
+ }
ret = krb5_kt_ret_string(context, sp, &p->realm);
if(ret)
- return ret;
- p->name.name_string.val = calloc(p->name.name_string.len,
- sizeof(*p->name.name_string.val));
+ goto out;
+ p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
if(p->name.name_string.val == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
- return ENOMEM;
+ ret = ENOMEM;
+ goto out;
}
+ p->name.name_string.len = len;
for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
if(ret)
- return ret;
+ goto out;
}
if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
p->name.name_type = KRB5_NT_UNKNOWN;
@@ -199,10 +208,13 @@ krb5_kt_ret_principal(krb5_context context,
ret = krb5_ret_int32(sp, &tmp32);
p->name.name_type = tmp32;
if (ret)
- return ret;
+ goto out;
}
*princ = p;
return 0;
+out:
+ krb5_free_principal(context, p);
+ return ret;
}
static krb5_error_code
@@ -423,7 +435,7 @@ loop:
}
}
if(start) *start = pos;
- if(end) *end = *start + 4 + len;
+ if(end) *end = pos + 4 + len;
out:
krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
return ret;
diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c
index 5c94291e72..32fb48a8a2 100644
--- a/source4/heimdal/lib/krb5/keytab_keyfile.c
+++ b/source4/heimdal/lib/krb5/keytab_keyfile.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_keyfile.c,v 1.17 2005/09/30 11:20:53 lha Exp $");
+RCSID("$Id: keytab_keyfile.c,v 1.18 2006/04/02 01:24:52 lha Exp $");
/* afs keyfile operations --------------------------------------- */
@@ -94,6 +94,7 @@ get_cell_and_realm (krb5_context context,
f = fopen (AFS_SERVERMAGICKRBCONF, "r");
if (f != NULL) {
if (fgets (buf, sizeof(buf), f) == NULL) {
+ free (d->cell);
fclose (f);
krb5_set_error_string (context, "no realm in %s",
AFS_SERVERMAGICKRBCONF);
diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c
index 1a83faca57..19e7f106bf 100644
--- a/source4/heimdal/lib/krb5/keytab_krb4.c
+++ b/source4/heimdal/lib/krb5/keytab_krb4.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_krb4.c,v 1.13 2005/05/19 04:13:18 lha Exp $");
+RCSID("$Id: keytab_krb4.c,v 1.15 2006/04/10 17:10:53 lha Exp $");
struct krb4_kt_data {
char *filename;
@@ -139,6 +139,11 @@ krb4_kt_start_seq_get_int (krb5_context context,
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
+ if(c->sp == NULL) {
+ close(c->fd);
+ free(ed);
+ return ENOMEM;
+ }
krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
return 0;
}
@@ -302,11 +307,11 @@ krb4_kt_add_entry (krb5_context context,
}
}
sp = krb5_storage_from_fd(fd);
- krb5_storage_set_eof_code(sp, KRB5_KT_END);
if(sp == NULL) {
close(fd);
return ENOMEM;
}
+ krb5_storage_set_eof_code(sp, KRB5_KT_END);
ret = krb4_store_keytab_entry(context, entry, sp);
krb5_storage_free(sp);
if(close (fd) < 0)
@@ -316,8 +321,8 @@ krb4_kt_add_entry (krb5_context context,
static krb5_error_code
krb4_kt_remove_entry(krb5_context context,
- krb5_keytab id,
- krb5_keytab_entry *entry)
+ krb5_keytab id,
+ krb5_keytab_entry *entry)
{
struct krb4_kt_data *d = id->data;
krb5_error_code ret;
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 8d9b3c62ac..00126d60ed 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -302,19 +302,13 @@ void KRB5_LIB_FUNCTION
_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/);
krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_create_sign (
- krb5_context /*context*/,
- const heim_oid */*eContentType*/,
- krb5_data */*eContent*/,
- struct krb5_pk_identity */*id*/,
- krb5_data */*sd_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_load_openssl_id (
+_krb5_pk_load_id (
krb5_context /*context*/,
struct krb5_pk_identity **/*ret_id*/,
const char */*user_id*/,
- const char */*x509_anchors*/,
+ const char */*anchor_id*/,
+ char * const */*chain*/,
+ char * const */*revoke*/,
krb5_prompter_fct /*prompter*/,
void */*prompter_data*/,
char */*password*/);
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index d7e74621ef..56f43f6c3d 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -1874,6 +1874,8 @@ krb5_get_init_creds_opt_set_pkinit (
krb5_principal /*principal*/,
const char */*user_id*/,
const char */*x509_anchors*/,
+ char * const * /*chain*/,
+ char * const * /*revoke*/,
int /*flags*/,
krb5_prompter_fct /*prompter*/,
void */*prompter_data*/,
diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h
index 00c30d7791..29b2ddbecc 100644
--- a/source4/heimdal/lib/krb5/krb5_ccapi.h
+++ b/source4/heimdal/lib/krb5/krb5_ccapi.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_ccapi.h,v 1.1 2004/09/11 04:00:42 lha Exp $ */
+/* $Id: krb5_ccapi.h,v 1.2 2006/03/27 04:21:06 lha Exp $ */
#ifndef KRB5_CCAPI_H
#define KRB5_CCAPI_H 1
@@ -43,7 +43,8 @@ enum {
};
enum {
- ccapi_version_3 = 3
+ ccapi_version_3 = 3,
+ ccapi_version_4 = 4
};
enum {
@@ -108,7 +109,21 @@ struct cc_credentials_v5_t {
cc_time_t endtime;
cc_time_t renew_till;
cc_uint32 is_skey;
- cc_uint32 ticket_flags; /* XXX ticket flags undefined */
+ cc_uint32 ticket_flags;
+#define KRB5_CCAPI_TKT_FLG_FORWARDABLE 0x40000000
+#define KRB5_CCAPI_TKT_FLG_FORWARDED 0x20000000
+#define KRB5_CCAPI_TKT_FLG_PROXIABLE 0x10000000
+#define KRB5_CCAPI_TKT_FLG_PROXY 0x08000000
+#define KRB5_CCAPI_TKT_FLG_MAY_POSTDATE 0x04000000
+#define KRB5_CCAPI_TKT_FLG_POSTDATED 0x02000000
+#define KRB5_CCAPI_TKT_FLG_INVALID 0x01000000
+#define KRB5_CCAPI_TKT_FLG_RENEWABLE 0x00800000
+#define KRB5_CCAPI_TKT_FLG_INITIAL 0x00400000
+#define KRB5_CCAPI_TKT_FLG_PRE_AUTH 0x00200000
+#define KRB5_CCAPI_TKT_FLG_HW_AUTH 0x00100000
+#define KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
+#define KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE 0x00040000
+#define KRB5_CCAPI_TKT_FLG_ANONYMOUS 0x00020000
cc_data **addresses;
cc_data ticket;
cc_data second_ticket;
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index ef9f5dbd60..221bd706f4 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <resolve.h>
-RCSID("$Id: krbhst.c,v 1.53 2005/10/08 15:40:50 lha Exp $");
+RCSID("$Id: krbhst.c,v 1.55 2006/04/02 10:32:20 lha Exp $");
static int
string_to_proto(const char *string)
@@ -241,8 +241,9 @@ _krb5_krbhost_info_move(krb5_context context,
krb5_krbhst_info *from,
krb5_krbhst_info **to)
{
+ size_t hostnamelen = strlen(from->hostname);
/* trailing NUL is included in structure */
- *to = calloc(1, sizeof(**to) + strlen(from->hostname));
+ *to = calloc(1, sizeof(**to) + hostnamelen);
if(*to == NULL) {
krb5_set_error_string(context, "malloc - out of memory");
return ENOMEM;
@@ -254,7 +255,7 @@ _krb5_krbhost_info_move(krb5_context context,
(*to)->ai = from->ai;
from->ai = NULL;
(*to)->next = NULL;
- strcpy((*to)->hostname, from->hostname);
+ memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
return 0;
}
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c
index 4f6381c858..7e478bf1e0 100644
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: log.c,v 1.36 2005/06/17 04:25:05 lha Exp $");
+RCSID("$Id: log.c,v 1.38 2006/04/10 09:41:26 lha Exp $");
struct facility {
int min;
@@ -284,7 +284,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
ret = open_file(context, f, min, max, NULL, NULL, stderr, 1);
}else if(strcmp(p, "CONSOLE") == 0){
ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0);
- }else if(strncmp(p, "FILE:", 4) == 0 && (p[4] == ':' || p[4] == '=')){
+ }else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){
char *fn;
FILE *file = NULL;
int keep_open = 0;
@@ -300,6 +300,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
ret = errno;
krb5_set_error_string (context, "open(%s): %s", fn,
strerror(ret));
+ free(fn);
return ret;
}
file = fdopen(i, "a");
@@ -308,12 +309,13 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
close(i);
krb5_set_error_string (context, "fdopen(%s): %s", fn,
strerror(ret));
+ free(fn);
return ret;
}
keep_open = 1;
}
ret = open_file(context, f, min, max, fn, "a", file, keep_open);
- }else if(strncmp(p, "DEVICE=", 6) == 0){
+ }else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){
ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
}else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
char severity[128] = "";
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 1247bb22ca..fa4fb4699e 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c,v 1.77 2006/02/14 10:08:29 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.88 2006/04/23 21:30:17 lha Exp $");
struct krb5_dh_moduli {
char *name;
@@ -45,71 +45,35 @@ struct krb5_dh_moduli {
#ifdef PKINIT
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include <openssl/engine.h>
-#include <openssl/ui.h>
-
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-#endif
+#include <heim_asn1.h>
+#include <rfc2459_asn1.h>
+#include <cms_asn1.h>
+#include <pkcs8_asn1.h>
+#include <pkcs9_asn1.h>
+#include <pkcs12_asn1.h>
+#include <pkinit_asn1.h>
+#include <asn1_err.h>
+
+#include <der.h>
-#include "heim_asn1.h"
-#include "rfc2459_asn1.h"
-#include "cms_asn1.h"
-#include "pkinit_asn1.h"
+#include <hx509.h>
enum {
COMPAT_WIN2K = 1,
COMPAT_IETF = 2
};
-#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
-{ \
- unsigned char *p; \
- (BL) = i2d_##T((S), NULL); \
- if ((BL) <= 0) { \
- (R) = EINVAL; \
- } else { \
- (B) = malloc((BL)); \
- if ((B) == NULL) { \
- (R) = ENOMEM; \
- } else { \
- p = (B); \
- (R) = 0; \
- (BL) = i2d_##T((S), &p); \
- if ((BL) <= 0) { \
- free((B)); \
- (R) = ASN1_OVERRUN; \
- } \
- } \
- } \
-}
-
-/* ENGING_load_private_key requires a UI_METHOD and data
- * if to be usable from PAM
- */
-
-struct krb5_ui_data {
- krb5_context context;
- krb5_prompter_fct prompter;
- void * prompter_data;
-};
-
struct krb5_pk_identity {
- EVP_PKEY *private_key;
- STACK_OF(X509) *cert;
- STACK_OF(X509) *trusted_certs;
- STACK_OF(X509_CRL) *crls;
- ENGINE *engine;
+ hx509_context hx509ctx;
+ hx509_verify_ctx verify_ctx;
+ hx509_certs certs;
+ hx509_certs anchors;
+ hx509_certs certpool;
+ hx509_revoke_ctx revoke;
};
struct krb5_pk_cert {
- X509 *cert;
+ hx509_cert cert;
};
struct krb5_pk_init_ctx_data {
@@ -118,13 +82,16 @@ struct krb5_pk_init_ctx_data {
krb5_data *clientDHNonce;
struct krb5_dh_moduli **m;
int require_binding;
+ int require_eku;
+ int require_krbtgt_otherName;
};
void KRB5_LIB_FUNCTION
_krb5_pk_cert_free(struct krb5_pk_cert *cert)
{
- if (cert->cert)
- X509_free(cert->cert);
+ if (cert->cert) {
+ hx509_cert_free(cert->cert);
+ }
free(cert);
}
@@ -138,7 +105,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
return ENOMEM;
}
BN_bn2bin(bn, integer->data);
- integer->negative = bn->neg;
+ integer->negative = BN_is_negative(bn);
return 0;
}
@@ -152,315 +119,44 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
return NULL;
}
- bn->neg = f->negative;
+ BN_set_negative(bn, f->negative);
return bn;
}
-/*
- * UI ex_data has the callback_data as passed to Engine. This is far
- * from being complete, we will only process one prompt
- */
-
-static int
-krb5_ui_method_read_string(UI *ui, UI_STRING *uis)
-{
- char *buffer;
- size_t length;
- krb5_error_code ret;
- krb5_prompt prompt;
- krb5_data password_data;
- struct krb5_ui_data *ui_data;
-
- ui_data = (struct krb5_ui_data *)UI_get_app_data(ui);
-
- switch (UI_get_string_type(uis)) {
- case UIT_INFO:
- case UIT_ERROR:
- /* looks like the RedHat pam_prompter might handle
- * INFO and ERROR, Will see what happens */
- case UIT_VERIFY:
- case UIT_PROMPT:
- length = UI_get_result_maxsize(uis);
- buffer = malloc(length);
- if (buffer == NULL) {
- krb5_set_error_string(ui_data->context, "malloc: out of memory");
- return 0;
- }
- password_data.data = buffer;
- password_data.length = length;
-
- prompt.prompt = UI_get0_output_string(uis);
- prompt.hidden = !(UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO);
- prompt.reply = &password_data;
- prompt.type = KRB5_PROMPT_TYPE_PASSWORD;
-
- ret = (*ui_data->prompter)(ui_data->context,
- ui_data->prompter_data,
- NULL, NULL, 1, &prompt);
- if (ret == 0) {
- buffer[length - 1] = '\0';
- UI_set_result(ui, uis, password_data.data);
-
- /*
- * RedHat pam_krb5 pam_prompter does a strdup but others
- * may copy into buffer. XXX should we just leak the
- * memory instead ?
- */
-
- if (buffer != password_data.data)
- free(password_data.data);
- memset (buffer, 0, length);
- free(buffer);
- return 1;
- }
- memset (buffer, 0, length);
- free(buffer);
- break;
- case UIT_NONE:
- case UIT_BOOLEAN:
- /* XXX for now do not handle */
- break;
-
- }
- return 0;
-}
-
static krb5_error_code
-set_digest_alg(DigestAlgorithmIdentifier *id,
- const heim_oid *oid,
- void *param, size_t length)
-{
- krb5_error_code ret;
- if (param) {
- id->parameters = malloc(sizeof(*id->parameters));
- if (id->parameters == NULL)
- return ENOMEM;
- id->parameters->data = malloc(length);
- if (id->parameters->data == NULL) {
- free(id->parameters);
- id->parameters = NULL;
- return ENOMEM;
- }
- memcpy(id->parameters->data, param, length);
- id->parameters->length = length;
- } else
- id->parameters = NULL;
- ret = copy_oid(oid, &id->algorithm);
- if (ret) {
- if (id->parameters) {
- free(id->parameters->data);
- free(id->parameters);
- id->parameters = NULL;
- }
- return ret;
- }
- return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
_krb5_pk_create_sign(krb5_context context,
const heim_oid *eContentType,
krb5_data *eContent,
struct krb5_pk_identity *id,
krb5_data *sd_data)
{
- SignerInfo *signer_info;
- X509 *user_cert;
- heim_integer *serial;
- krb5_error_code ret;
- krb5_data buf;
- SignedData sd;
- EVP_MD_CTX md;
- int i;
- unsigned len;
- size_t size;
-
- X509_NAME *issuer_name;
-
- memset(&sd, 0, sizeof(sd));
-
- if (id == NULL)
- return HEIM_PKINIT_NO_CERTIFICATE;
- if (id->cert == NULL)
- return HEIM_PKINIT_NO_CERTIFICATE;
- if (id->private_key == NULL)
- return HEIM_PKINIT_NO_PRIVATE_KEY;
-
- if (sk_X509_num(id->cert) == 0)
- return HEIM_PKINIT_NO_CERTIFICATE;
-
- sd.version = 3;
-
- sd.digestAlgorithms.len = 0;
- sd.digestAlgorithms.val = NULL;
- copy_oid(eContentType, &sd.encapContentInfo.eContentType);
- ALLOC(sd.encapContentInfo.eContent, 1);
- if (sd.encapContentInfo.eContent == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
-
- ret = krb5_data_copy(&buf, eContent->data, eContent->length);
- if (ret) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
-
- sd.encapContentInfo.eContent->data = buf.data;
- sd.encapContentInfo.eContent->length = buf.length;
-
- ALLOC_SEQ(&sd.signerInfos, 1);
- if (sd.signerInfos.val == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
-
- signer_info = &sd.signerInfos.val[0];
-
- user_cert = sk_X509_value(id->cert, 0);
- if (user_cert == NULL) {
- krb5_set_error_string(context, "pkinit: no user certificate");
- ret = HEIM_PKINIT_NO_CERTIFICATE;
- goto out;
- }
-
- signer_info->version = 1;
-
- issuer_name = X509_get_issuer_name(user_cert);
-
- OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME,
- buf.data,
- buf.length,
- issuer_name,
- ret);
- if (ret) {
- krb5_set_error_string(context, "pkinit: failed encoding name");
- goto out;
- }
- ret = decode_Name(buf.data, buf.length,
- &signer_info->sid.u.issuerAndSerialNumber.issuer,
- NULL);
- free(buf.data);
- if (ret) {
- krb5_set_error_string(context, "pkinit: failed to parse Name");
- goto out;
- }
- signer_info->sid.element = choice_CMSIdentifier_issuerAndSerialNumber;
-
- serial = &signer_info->sid.u.issuerAndSerialNumber.serialNumber;
- {
- ASN1_INTEGER *isn = X509_get_serialNumber(user_cert);
- BIGNUM *bn = ASN1_INTEGER_to_BN(isn, NULL);
- if (bn == NULL) {
- ret = ENOMEM;
- krb5_set_error_string(context, "pkinit: failed allocating "
- "serial number");
- goto out;
- }
- ret = BN_to_integer(context, bn, serial);
- BN_free(bn);
- if (ret) {
- krb5_set_error_string(context, "pkinit: failed encoding "
- "serial number");
- goto out;
- }
- }
-
- ret = set_digest_alg(&signer_info->digestAlgorithm,
- oid_id_secsig_sha_1(), "\x05\x00", 2);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- goto out;
- }
-
- signer_info->signedAttrs = NULL;
- signer_info->unsignedAttrs = NULL;
-
- copy_oid(oid_id_pkcs1_rsaEncryption(),
- &signer_info->signatureAlgorithm.algorithm);
- signer_info->signatureAlgorithm.parameters = NULL;
-
- buf.data = malloc(EVP_PKEY_size(id->private_key));
- if (buf.data == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
-
- EVP_SignInit(&md, EVP_sha1());
- EVP_SignUpdate(&md,
- sd.encapContentInfo.eContent->data,
- sd.encapContentInfo.eContent->length);
- ret = EVP_SignFinal(&md, buf.data, &len, id->private_key);
- if (ret != 1) {
- free(buf.data);
- krb5_set_error_string(context, "PKINIT: failed to sign with "
- "private key: %s",
- ERR_error_string(ERR_get_error(), NULL));
- ret = EINVAL;
- goto out;
- }
-
- signer_info->signature.data = buf.data;
- signer_info->signature.length = len;
-
- ALLOC_SEQ(&sd.digestAlgorithms, 1);
- if (sd.digestAlgorithms.val == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
-
- ret = set_digest_alg(&sd.digestAlgorithms.val[0],
- oid_id_secsig_sha_1(), "\x05\x00", 2);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- goto out;
- }
+ hx509_cert cert;
+ hx509_query *q;
+ int ret;
- ALLOC(sd.certificates, 1);
- if (sd.certificates == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
+ ret = hx509_query_alloc(id->hx509ctx, &q);
+ if (ret)
+ return ret;
- i = sk_X509_num(id->cert);
- sd.certificates->val = malloc(sizeof(sd.certificates->val[0]) * i);
- if (sd.certificates->val == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
- }
- sd.certificates->len = i;
-
- for (i = 0; i < sk_X509_num(id->cert); i++) {
- OPENSSL_ASN1_MALLOC_ENCODE(X509,
- sd.certificates->val[i].data,
- sd.certificates->val[i].length,
- sk_X509_value(id->cert, i),
- ret);
- if (ret) {
- krb5_clear_error_string(context);
- goto out;
- }
- }
+ hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+ hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
- ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length,
- &sd, &size, ret);
- if (ret) {
- krb5_set_error_string(context, "SignedData failed %d", ret);
- goto out;
- }
- if (sd_data->length != size)
- krb5_abortx(context, "internal ASN1 encoder error");
+ ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert);
+ hx509_query_free(id->hx509ctx, q);
+ if (ret)
+ return ret;
- out:
- free_SignedData(&sd);
+ ret = hx509_cms_create_signed_1(id->hx509ctx,
+ eContentType,
+ eContent->data,
+ eContent->length,
+ NULL,
+ cert,
+ NULL,
+ NULL,
+ sd_data);
+ hx509_cert_free(cert);
return ret;
}
@@ -813,230 +509,23 @@ _krb5_pk_mk_padata(krb5_context context,
} else
type = COMPAT_IETF;
- return pk_mk_padata(context, type, ctx, req_body, nonce, md);
-}
+ ctx->require_eku =
+ krb5_config_get_bool_default(context, NULL,
+ TRUE,
+ "realms",
+ req_body->realm,
+ "pkinit_require_eku",
+ NULL);
+ ctx->require_krbtgt_otherName =
+ krb5_config_get_bool_default(context, NULL,
+ TRUE,
+ "realms",
+ req_body->realm,
+ "pkinit_require_krbtgt_otherName",
+ NULL);
-static krb5_boolean
-pk_peer_compare(krb5_context context,
- const SignerIdentifier *peer1,
- X509 *peer2)
-{
- switch (peer1->element) {
- case choice_CMSIdentifier_issuerAndSerialNumber: {
- ASN1_INTEGER *i;
- const heim_integer *serial;
- X509_NAME *name;
- unsigned char *p;
- size_t len;
-
- i = X509_get_serialNumber(peer2);
- serial = &peer1->u.issuerAndSerialNumber.serialNumber;
-
- if (i->length != serial->length ||
- memcmp(i->data, serial->data, i->length) != 0)
- return FALSE;
-
- p = peer1->u.issuerAndSerialNumber.issuer._save.data;
- len = peer1->u.issuerAndSerialNumber.issuer._save.length;
- name = d2i_X509_NAME(NULL, &p, len);
- if (name == NULL)
- return FALSE;
-
- if (X509_NAME_cmp(name, X509_get_issuer_name(peer2)) != 0) {
- X509_NAME_free(name);
- return FALSE;
- }
- X509_NAME_free(name);
- break;
- }
- case choice_CMSIdentifier_subjectKeyIdentifier:
- return FALSE;
- default:
- return FALSE;
- }
- return TRUE;
-}
-static krb5_error_code
-pk_decrypt_key(krb5_context context,
- heim_octet_string *encrypted_key,
- EVP_PKEY *priv_key,
- krb5_keyblock *key)
-{
- int ret;
- unsigned char *buf;
-
- buf = malloc(EVP_PKEY_size(priv_key));
- if (buf == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- ret = EVP_PKEY_decrypt(buf,
- encrypted_key->data,
- encrypted_key->length,
- priv_key);
- if (ret <= 0) {
- free(buf);
- krb5_set_error_string(context, "Can't decrypt key: %s",
- ERR_error_string(ERR_get_error(), NULL));
- return ENOMEM;
- }
-
- key->keytype = 0;
- key->keyvalue.length = ret;
- key->keyvalue.data = malloc(ret);
- if (key->keyvalue.data == NULL) {
- free(buf);
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- memcpy(key->keyvalue.data, buf, ret);
- free(buf);
- return 0;
-}
-
-
-static krb5_error_code
-pk_verify_chain_standard(krb5_context context,
- struct krb5_pk_identity *id,
- const SignerIdentifier *client,
- STACK_OF(X509) *chain,
- X509 **client_cert)
-{
- X509_STORE *cert_store = NULL;
- X509_STORE_CTX *store_ctx = NULL;
- X509 *cert = NULL;
- int i;
- int ret;
-
- ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
- for (i = 0; i < sk_X509_num(chain); i++) {
- cert = sk_X509_value(chain, i);
- if (pk_peer_compare(context, client, cert) == TRUE) {
- ret = 0;
- break;
- }
- }
- if (ret) {
- krb5_set_error_string(context, "PKINIT: verify chain failed "
- "to find client in chain");
- return ret;
- }
-
- cert_store = X509_STORE_new();
- if (cert_store == NULL) {
- ret = ENOMEM;
- krb5_set_error_string(context, "PKINIT: can't create X509 store: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
-
- store_ctx = X509_STORE_CTX_new();
- if (store_ctx == NULL) {
- ret = ENOMEM;
- krb5_set_error_string(context,
- "PKINIT: can't create X509 store ctx: %s",
- ERR_error_string(ERR_get_error(), NULL));
- goto end;
- }
-
- X509_STORE_CTX_init(store_ctx, cert_store, cert, chain);
- X509_STORE_CTX_trusted_stack(store_ctx, id->trusted_certs);
- X509_verify_cert(store_ctx);
- /* the last checked certificate is in store_ctx->current_cert */
- krb5_clear_error_string(context);
- switch(store_ctx->error) {
- case X509_V_OK:
- ret = 0;
- break;
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- ret = KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE;
- krb5_set_error_string(context, "PKINIT: failed to verify "
- "certificate: %s ",
- X509_verify_cert_error_string(store_ctx->error));
- break;
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- case X509_V_ERR_CERT_HAS_EXPIRED:
- ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
- krb5_set_error_string(context, "PKINIT: invalid certificate: %s ",
- X509_verify_cert_error_string(store_ctx->error));
- break;
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- case X509_V_ERR_INVALID_CA:
- ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
- krb5_set_error_string(context, "PKINIT: unknown CA or can't "
- "verify certificate: %s",
- X509_verify_cert_error_string(store_ctx->error));
- break;
- default:
- ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX */
- krb5_set_error_string(context, "PKINIT: failed to verify "
- "certificate: %s (%ld) ",
- X509_verify_cert_error_string(store_ctx->error),
- (long)store_ctx->error);
- break;
- }
- if (ret)
- goto end;
-
- /*
- * Since X509_verify_cert() doesn't do CRL checking at all, we have to
- * perform own verification against CRLs
- */
- /*
- * XXX add crl checking
- */
-
- if (client_cert && cert)
- *client_cert = X509_dup(cert);
-
- end:
- if (cert_store)
- X509_STORE_free(cert_store);
- if (store_ctx)
- X509_STORE_CTX_free(store_ctx);
- return ret;
-}
-
-static int
-cert_to_X509(krb5_context context, CertificateSet *set,
- STACK_OF(X509_CRL) **certs)
-{
- krb5_error_code ret;
- int i;
-
- *certs = sk_X509_new_null();
-
- if (set == NULL)
- return 0;
-
- ret = 0;
- for (i = 0; i < set->len; i++) {
- unsigned char *p;
- X509 *cert;
-
- p = set->val[i].data;
- cert = d2i_X509(NULL, &p, set->val[i].length);
- if (cert == NULL) {
- ret = ASN1_BAD_FORMAT;
- break;
- }
- sk_X509_insert(*certs, cert, i);
- }
- if (ret) {
- krb5_set_error_string(context,
- "PKINIT: Failed to decode certificate chain");
- sk_X509_free(*certs);
- *certs = NULL;
- }
- return ret;
+ return pk_mk_padata(context, type, ctx, req_body, nonce, md);
}
krb5_error_code KRB5_LIB_FUNCTION
@@ -1048,144 +537,67 @@ _krb5_pk_verify_sign(krb5_context context,
krb5_data *content,
struct krb5_pk_cert **signer)
{
- STACK_OF(X509) *certificates;
- SignerInfo *signer_info;
- const EVP_MD *evp_type;
- EVP_PKEY *public_key;
- krb5_error_code ret;
- EVP_MD_CTX md;
- X509 *cert = NULL;
- SignedData sd;
- size_t size;
-
- *signer = NULL;
- krb5_data_zero(content);
- contentType->length = 0;
- contentType->components = NULL;
-
- memset(&sd, 0, sizeof(sd));
-
- ret = decode_SignedData(data, length, &sd, &size);
- if (ret) {
- krb5_set_error_string(context,
- "PKINIT: decoding failed SignedData: %d",
- ret);
- goto out;
- }
-
- if (sd.encapContentInfo.eContent == NULL) {
- krb5_set_error_string(context,
- "PKINIT: signature missing encapContent");
- ret = KRB5KRB_AP_ERR_MSG_TYPE;
- goto out;
- }
-
- /* XXX Check CMS version */
-
- if (sd.signerInfos.len < 1) {
- krb5_set_error_string(context,
- "PKINIT: signature information missing from "
- "pkinit response");
- ret = KRB5_KDC_ERR_INVALID_SIG;
- goto out;
- }
-
- signer_info = &sd.signerInfos.val[0];
-
- {
- CertificateSet set;
- set.val = sd.certificates->val;
- set.len = sd.certificates->len;
+ hx509_certs signer_certs;
+ int ret;
- ret = cert_to_X509(context, &set, &certificates);
- }
- if (ret) {
- krb5_set_error_string(context,
- "PKINIT: failed to decode Certificates");
- goto out;
- }
+ *signer = NULL;
- ret = pk_verify_chain_standard(context, id,
- &signer_info->sid,
- certificates,
- &cert);
- sk_X509_free(certificates);
+ ret = hx509_cms_verify_signed(id->hx509ctx,
+ id->verify_ctx,
+ data,
+ length,
+ id->certpool,
+ contentType,
+ content,
+ &signer_certs);
if (ret)
- goto out;
-
- if (signer_info->signature.length == 0) {
- free_SignedData(&sd);
- X509_free(cert);
- krb5_set_error_string(context, "PKINIT: signature missing from"
- "pkinit response");
- return KRB5_KDC_ERR_INVALID_SIG;
- }
-
- public_key = X509_get_pubkey(cert);
-
- /* verify signature */
- if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm,
- oid_id_pkcs1_sha1WithRSAEncryption()) == 0)
- evp_type = EVP_sha1();
- else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm,
- oid_id_pkcs1_md5WithRSAEncryption()) == 0)
- evp_type = EVP_md5();
- else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm,
- oid_id_secsig_sha_1()) == 0)
- evp_type = EVP_sha1();
- else {
- X509_free(cert);
- krb5_set_error_string(context, "PKINIT: The requested digest "
- "algorithm is not supported");
- ret = KRB5_KDC_ERR_INVALID_SIG;
- goto out;
- }
-
- EVP_VerifyInit(&md, evp_type);
- EVP_VerifyUpdate(&md,
- sd.encapContentInfo.eContent->data,
- sd.encapContentInfo.eContent->length);
- ret = EVP_VerifyFinal(&md,
- signer_info->signature.data,
- signer_info->signature.length,
- public_key);
- if (ret != 1) {
- X509_free(cert);
- krb5_set_error_string(context, "PKINIT: signature didn't verify: %s",
- ERR_error_string(ERR_get_error(), NULL));
- ret = KRB5_KDC_ERR_INVALID_SIG;
- goto out;
- }
-
- ret = copy_oid(&sd.encapContentInfo.eContentType, contentType);
- if (ret) {
- krb5_clear_error_string(context);
- goto out;
- }
+ return ret;
- content->data = malloc(sd.encapContentInfo.eContent->length);
- if (content->data == NULL) {
+ *signer = calloc(1, sizeof(**signer));
+ if (*signer == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
- content->length = sd.encapContentInfo.eContent->length;
- memcpy(content->data,sd.encapContentInfo.eContent->data,content->length);
+
+ /* XXX */
+ {
+ hx509_cursor cursor;
- *signer = malloc(sizeof(**signer));
- if (*signer == NULL) {
- krb5_clear_error_string(context);
- ret = ENOMEM;
- goto out;
+ ret = hx509_certs_start_seq(id->hx509ctx,
+ signer_certs,
+ &cursor);
+ if (ret) {
+ krb5_clear_error_string(context);
+ goto out;
+ }
+ ret = hx509_certs_next_cert(id->hx509ctx,
+ signer_certs,
+ cursor,
+ &(*signer)->cert);
+ if (ret) {
+ krb5_clear_error_string(context);
+ goto out;
+ }
+ ret = hx509_certs_end_seq(id->hx509ctx,
+ signer_certs,
+ cursor);
+ if (ret) {
+ krb5_clear_error_string(context);
+ goto out;
+ }
}
- (*signer)->cert = cert;
- out:
- free_SignedData(&sd);
+out:
+ hx509_certs_free(&signer_certs);
if (ret) {
- free_oid(contentType);
- krb5_data_free(content);
+ if (*signer) {
+ hx509_cert_free((*signer)->cert);
+ free(*signer);
+ *signer = NULL;
+ }
}
+
return ret;
}
@@ -1297,10 +709,60 @@ get_reply_key(krb5_context context,
static krb5_error_code
-pk_verify_host(krb5_context context, struct krb5_pk_cert *host)
+pk_verify_host(krb5_context context,
+ struct krb5_pk_init_ctx_data *ctx,
+ struct krb5_pk_cert *host)
{
- /* XXX */
- return 0;
+ krb5_error_code ret = 0;
+
+ if (ctx->require_eku) {
+ ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
+ oid_id_pkkdcekuoid(), 0);
+ if (ret) {
+ krb5_clear_error_string(context);
+ return ret;
+ }
+ }
+ if (ctx->require_krbtgt_otherName) {
+ hx509_octet_string_list list;
+ krb5_error_code ret;
+ int i;
+
+ ret = hx509_cert_find_subjectAltName_otherName(host->cert,
+ oid_id_pkinit_san(),
+ &list);
+ if (ret) {
+ krb5_clear_error_string(context);
+ return ret;
+ }
+
+ for (i = 0; i < list.len; i++) {
+ KRB5PrincipalName r;
+ ret = decode_KRB5PrincipalName(list.val[i].data,
+ list.val[i].length,
+ &r,
+ NULL);
+ if (ret) {
+ krb5_clear_error_string(context);
+ break;
+ }
+
+#if 0
+ if (r.principalName.name.len != 2) {
+ krb5_clear_error_string(context);
+ ret = EINVAL;
+ }
+#endif
+ /* XXX verify realm */
+
+ free_KRB5PrincipalName(&r);
+ if (ret)
+ break;
+ }
+ hx509_free_octet_string_list(&list);
+ }
+
+ return ret;
}
static krb5_error_code
@@ -1316,33 +778,12 @@ pk_rd_pa_reply_enckey(krb5_context context,
krb5_keyblock **key)
{
krb5_error_code ret;
- EnvelopedData ed;
- krb5_keyblock tmp_key;
- krb5_crypto crypto;
- krb5_data plain;
- KeyTransRecipientInfo *ri;
- int length;
+ struct krb5_pk_cert *host = NULL;
size_t size;
- X509 *user_cert;
+ int length;
void *p;
- krb5_boolean bret;
krb5_data content;
heim_oid contentType = { 0, NULL };
- struct krb5_pk_cert *host = NULL;
- heim_octet_string encryptedContent;
- heim_octet_string *any;
- krb5_data ivec;
- krb5_data params;
-
-
- memset(&tmp_key, 0, sizeof(tmp_key));
- memset(&ed, 0, sizeof(ed));
- krb5_data_zero(&plain);
- krb5_data_zero(&content);
- krb5_data_zero(&encryptedContent);
- krb5_data_zero(&ivec);
-
- user_cert = sk_X509_value(ctx->id->cert, 0);
if (heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) {
krb5_set_error_string(context, "PKINIT: Invalid content type");
@@ -1354,106 +795,17 @@ pk_rd_pa_reply_enckey(krb5_context context,
return EINVAL;
}
- ret = decode_EnvelopedData(rep->content->data,
+ ret = hx509_cms_unenvelope(ctx->id->hx509ctx,
+ ctx->id->certs,
+ rep->content->data,
rep->content->length,
- &ed,
- &size);
- if (ret) {
- free_EnvelopedData(&ed);
- return ret;
- }
-
- if (ed.recipientInfos.len != 1) {
- free_EnvelopedData(&ed);
- krb5_set_error_string(context, "pkinit: Number of recipient infos "
- "not one (%d)",
- ed.recipientInfos.len);
- return EINVAL; /* XXX */
- }
-
- ri = &ed.recipientInfos.val[0];
-
- /* XXX make SignerIdentifier and RecipientIdentifier the same */
- bret = pk_peer_compare(context, (SignerIdentifier *)&ri->rid, user_cert);
- if (bret == FALSE) {
- ret = KRB5KRB_AP_ERR_BADMATCH; /* XXX */
- goto out;
- }
-
- if (heim_oid_cmp(oid_id_pkcs1_rsaEncryption(),
- &ri->keyEncryptionAlgorithm.algorithm)) {
- krb5_set_error_string(context, "PKINIT: invalid content type");
- return EINVAL;
- }
-
- ret = pk_decrypt_key(context, &ri->encryptedKey,
- ctx->id->private_key, &tmp_key);
- if (ret)
- goto out;
-
-
- /*
- * Try to verify content type. We can't do this for W2K case
- * because W2K/W2K3 sends id-pkcs7-data, but Windows Vista sends
- * id-pkcs7-signedData to all versions, even W2K clients.
- */
-
- if (type != COMPAT_WIN2K) {
- if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) {
- ret = KRB5KRB_AP_ERR_MSG_TYPE;
- goto out;
- }
- }
-
- if (ed.encryptedContentInfo.encryptedContent == NULL) {
- krb5_set_error_string(context, "PKINIT: OPTIONAL encryptedContent "
- "field not filled in in KDC reply");
- ret = KRB5_BADMSGTYPE;
- goto out;
- }
-
- any = ed.encryptedContentInfo.encryptedContent;
- ret = der_get_octet_string(any->data, any->length,
- &encryptedContent, NULL);
- if (ret) {
- krb5_set_error_string(context,
- "PKINIT: encryptedContent content invalid");
- goto out;
- }
-
- if (ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters == NULL){
- krb5_set_error_string(context,
- "PKINIT: encryptedContent parameter missing");
- ret = KRB5_BADMSGTYPE;
- goto out;
- }
-
- params.data = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data;
- params.length = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length;
-
- ret = _krb5_oid_to_enctype(context,
- &ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm,
- &tmp_key.keytype);
- if (ret)
- goto out;
-
- ret = krb5_crypto_init(context, &tmp_key, 0, &crypto);
- if (ret)
- goto out;
-
- ret = krb5_crypto_get_params(context, crypto, &params, &ivec);
+ &contentType,
+ &content);
if (ret)
- goto out;
-
- ret = krb5_decrypt_ivec(context, crypto,
- 0,
- encryptedContent.data,
- encryptedContent.length,
- &plain,
- ivec.data);
+ return ret;
- p = plain.data;
- length = plain.length;
+ p = content.data;
+ length = content.length;
/* win2k uses ContentInfo */
if (type == COMPAT_WIN2K) {
@@ -1472,6 +824,13 @@ pk_rd_pa_reply_enckey(krb5_context context,
krb5_set_error_string(context, "PKINIT: Invalid content type");
goto out;
}
+ if (ci.content == NULL) {
+ ret = EINVAL; /* XXX */
+ krb5_set_error_string(context, "PKINIT: Invalid content type");
+ goto out;
+ }
+ krb5_data_free(&content);
+ content = *ci.content;
p = ci.content->data;
length = ci.content->length;
}
@@ -1487,7 +846,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
goto out;
/* make sure that it is the kdc's certificate */
- ret = pk_verify_host(context, host);
+ ret = pk_verify_host(context, ctx, host);
if (ret) {
krb5_set_error_string(context, "PKINIT: failed verify host: %d", ret);
goto out;
@@ -1528,11 +887,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
if (host)
_krb5_pk_cert_free(host);
free_oid(&contentType);
- free_octet_string(&encryptedContent);
krb5_data_free(&content);
- krb5_free_keyblock_contents(context, &tmp_key);
- krb5_data_free(&plain);
- krb5_data_free(&ivec);
return ret;
}
@@ -1550,7 +905,6 @@ pk_rd_pa_reply_dh(krb5_context context,
krb5_keyblock **key)
{
unsigned char *p, *dh_gen_key = NULL;
- ASN1_INTEGER *dh_pub_key = NULL;
struct krb5_pk_cert *host = NULL;
BIGNUM *kdc_dh_pubkey = NULL;
KDCDHKeyInfo kdc_dh_info;
@@ -1584,7 +938,7 @@ pk_rd_pa_reply_dh(krb5_context context,
goto out;
/* make sure that it is the kdc's certificate */
- ret = pk_verify_host(context, host);
+ ret = pk_verify_host(context, ctx, host);
if (ret)
goto out;
@@ -1623,7 +977,7 @@ pk_rd_pa_reply_dh(krb5_context context,
}
} else {
if (k_n) {
- krb5_set_error_string(context, "pkinit; got server nonce "
+ krb5_set_error_string(context, "pkinit: got server nonce "
"without key expiration");
ret = KRB5KRB_ERR_GENERIC;
goto out;
@@ -1634,22 +988,24 @@ pk_rd_pa_reply_dh(krb5_context context,
p = kdc_dh_info.subjectPublicKey.data;
size = (kdc_dh_info.subjectPublicKey.length + 7) / 8;
- dh_pub_key = d2i_ASN1_INTEGER(NULL, &p, size);
- if (dh_pub_key == NULL) {
- krb5_set_error_string(context,
- "PKINIT: Can't parse KDC's DH public key");
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
- kdc_dh_pubkey = ASN1_INTEGER_to_BN(dh_pub_key, NULL);
- if (kdc_dh_pubkey == NULL) {
- krb5_set_error_string(context,
- "PKINIT: Can't convert KDC's DH public key");
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
+ {
+ DHPublicKey k;
+ ret = decode_DHPublicKey(p, size, &k, NULL);
+ if (ret) {
+ krb5_set_error_string(context, "pkinit: can't decode "
+ "without key expiration");
+ goto out;
+ }
+ kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
+ free_DHPublicKey(&k);
+ if (kdc_dh_pubkey == NULL) {
+ ret = KRB5KRB_ERR_GENERIC;
+ goto out;
+ }
+ }
+
dh_gen_keylen = DH_size(ctx->dh);
size = BN_num_bytes(ctx->dh->p);
if (size < dh_gen_keylen)
@@ -1667,8 +1023,7 @@ pk_rd_pa_reply_dh(krb5_context context,
kdc_dh_pubkey, ctx->dh);
if (dh_gen_keylen == -1) {
krb5_set_error_string(context,
- "PKINIT: Can't compute Diffie-Hellman key (%s)",
- ERR_error_string(ERR_get_error(), NULL));
+ "PKINIT: Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
@@ -1700,8 +1055,6 @@ pk_rd_pa_reply_dh(krb5_context context,
memset(dh_gen_key, 0, DH_size(ctx->dh));
free(dh_gen_key);
}
- if (dh_pub_key)
- ASN1_INTEGER_free(dh_pub_key);
if (host)
_krb5_pk_cert_free(host);
if (content.data)
@@ -1726,7 +1079,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
ContentInfo ci;
size_t size;
- /* Check for PK-INIT -27 */
+ /* Check for IETF PK-INIT first */
if (pa->padata_type == KRB5_PADATA_PK_AS_REP) {
PA_PK_AS_REP rep;
@@ -1747,7 +1100,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&size);
if (ret) {
krb5_set_error_string(context,
- "PKINIT: -25 decoding failed DH "
+ "PKINIT: decoding failed DH "
"ContentInfo: %d", ret);
free_PA_PK_AS_REP(&rep);
@@ -1821,7 +1174,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
return ret;
}
ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx,
- etype, hi, nonce, NULL, pa, key);
+ etype, hi, nonce, req_buffer, pa, key);
free_ContentInfo(&ci);
break;
default:
@@ -1837,598 +1190,158 @@ _krb5_pk_rd_pa_reply(krb5_context context,
return ret;
}
-static int
-ssl_pass_cb(char *buf, int size, int rwflag, void *u)
+struct prompter {
+ krb5_context context;
+ krb5_prompter_fct prompter;
+ void *prompter_data;
+};
+
+static int
+hx_pass_prompter(void *data, const hx509_prompt *prompter)
{
krb5_error_code ret;
krb5_prompt prompt;
krb5_data password_data;
- krb5_prompter_fct prompter = u;
+ struct prompter *p = data;
- password_data.data = buf;
- password_data.length = size;
+ password_data.data = prompter->reply->data;
+ password_data.length = prompter->reply->length;
prompt.prompt = "Enter your private key passphrase: ";
prompt.hidden = 1;
prompt.reply = &password_data;
- prompt.type = KRB5_PROMPT_TYPE_PASSWORD;
+ if (prompter->hidden)
+ prompt.type = KRB5_PROMPT_TYPE_PASSWORD;
+ else
+ prompt.type = KRB5_PROMPT_TYPE_PREAUTH; /* XXX */
- ret = (*prompter)(NULL, NULL, NULL, NULL, 1, &prompt);
+ ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
if (ret) {
- memset (buf, 0, size);
+ memset (prompter->reply->data, 0, prompter->reply->length);
return 0;
}
- return strlen(buf);
-}
-
-static krb5_error_code
-load_openssl_cert(krb5_context context,
- const char *file,
- STACK_OF(X509) **c)
-{
- STACK_OF(X509) *certificate;
- krb5_error_code ret;
- FILE *f;
-
- f = fopen(file, "r");
- if (f == NULL) {
- ret = errno;
- krb5_set_error_string(context, "PKINIT: open failed %s: %s",
- file, strerror(ret));
- return ret;
- }
-
- certificate = sk_X509_new_null();
- while (1) {
- /* see http://www.openssl.org/docs/crypto/pem.html section BUGS */
- X509 *cert;
- cert = PEM_read_X509(f, NULL, NULL, NULL);
- if (cert == NULL) {
- if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) {
- /* End of file reached. no error */
- ERR_clear_error();
- break;
- }
- krb5_set_error_string(context, "PKINIT: Can't read certificate");
- fclose(f);
- return HEIM_PKINIT_CERTIFICATE_INVALID;
- }
- sk_X509_insert(certificate, cert, sk_X509_num(certificate));
- }
- fclose(f);
- if (sk_X509_num(certificate) == 0) {
- krb5_set_error_string(context, "PKINIT: No certificate found");
- return HEIM_PKINIT_NO_CERTIFICATE;
- }
- *c = certificate;
- return 0;
-}
-
-static krb5_error_code
-load_openssl_file(krb5_context context,
- char *password,
- krb5_prompter_fct prompter,
- void *prompter_data,
- const char *user_id,
- struct krb5_pk_identity *id)
-{
- krb5_error_code ret;
- STACK_OF(X509) *certificate = NULL;
- char *cert_file = NULL, *key_file;
- EVP_PKEY *private_key = NULL;
- FILE *f;
-
- cert_file = strdup(user_id);
- if (cert_file == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- key_file = strchr(cert_file, ',');
- if (key_file == NULL) {
- krb5_set_error_string(context, "PKINIT: key file missing");
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- goto out;
- }
- *key_file++ = '\0';
-
- ret = load_openssl_cert(context, cert_file, &certificate);
- if (ret)
- goto out;
-
- /* load private key */
- f = fopen(key_file, "r");
- if (f == NULL) {
- ret = errno;
- krb5_set_error_string(context, "PKINIT: open %s: %s",
- key_file, strerror(ret));
- goto out;
- }
- if (password == NULL || password[0] == '\0') {
- if (prompter == NULL)
- prompter = krb5_prompter_posix;
- private_key = PEM_read_PrivateKey(f, NULL, ssl_pass_cb, prompter);
- } else
- private_key = PEM_read_PrivateKey(f, NULL, NULL, password);
- fclose(f);
- if (private_key == NULL) {
- krb5_set_error_string(context, "PKINIT: Can't read private key");
- ret = HEIM_PKINIT_PRIVATE_KEY_INVALID;
- goto out;
- }
- ret = X509_check_private_key(sk_X509_value(certificate, 0), private_key);
- if (ret != 1) {
- ret = HEIM_PKINIT_PRIVATE_KEY_INVALID;
- krb5_set_error_string(context,
- "PKINIT: The private key doesn't match "
- "the public key certificate");
- goto out;
- }
-
- id->private_key = private_key;
- id->cert = certificate;
-
- return 0;
- out:
- if (cert_file)
- free(cert_file);
- if (certificate)
- sk_X509_pop_free(certificate, X509_free);
- if (private_key)
- EVP_PKEY_free(private_key);
-
- return ret;
-}
-
-static int
-add_pair(krb5_context context, char *str, char ***cmds, int *num)
-{
- char **c;
- char *p;
- int i;
-
- p = strchr(str, ':');
- if (p) {
- *p = '\0';
- p++;
- }
-
- /* filter out dup keys */
- for (i = 0; i < *num; i++)
- if (strcmp((*cmds)[i * 2], str) == 0)
- return 0;
-
- c = realloc(*cmds, sizeof(*c) * ((*num + 1) * 2));
- if (c == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-
- c[(*num * 2)] = str;
- c[(*num * 2) + 1] = p;
- *num += 1;
- *cmds = c;
- return 0;
-}
-
-static krb5_error_code
-eval_pairs(krb5_context context, ENGINE *e, const char *name,
- const char *type, char **cmds, int num)
-{
- int i;
-
- for (i = 0; i < num; i++) {
- char *a1 = cmds[i * 2], *a2 = cmds[(i * 2) + 1];
- if(!ENGINE_ctrl_cmd_string(e, a1, a2, 0)) {
- krb5_set_error_string(context,
- "PKINIT: Failed %scommand (%s - %s:%s): %s",
- type, name, a1, a2 ? a2 : "(NULL)",
- ERR_error_string(ERR_get_error(), NULL));
- return HEIM_PKINIT_NO_PRIVATE_KEY;
- }
- }
- return 0;
-}
-
-struct engine_context {
- char **pre_cmds;
- char **post_cmds;
- int num_pre;
- int num_post;
- char *engine_name;
- char *cert_file;
- char *key_id;
-};
-
-static krb5_error_code
-parse_openssl_engine_conf(krb5_context context,
- struct engine_context *ctx,
- char *line)
-{
- krb5_error_code ret;
- char *last, *p, *q;
-
- for (p = strtok_r(line, ",", &last);
- p != NULL;
- p = strtok_r(NULL, ",", &last)) {
-
- q = strchr(p, '=');
- if (q == NULL) {
- krb5_set_error_string(context,
- "PKINIT: openssl engine configuration "
- "key %s missing = and thus value", p);
- return HEIM_PKINIT_NO_PRIVATE_KEY;
- }
- *q = '\0';
- q++;
- if (strcasecmp("PRE", p) == 0) {
- ret = add_pair(context, q, &ctx->pre_cmds, &ctx->num_pre);
- if (ret)
- return ret;
- } else if (strcasecmp("POST", p) == 0) {
- ret = add_pair(context, q, &ctx->post_cmds, &ctx->num_post);
- if (ret)
- return ret;
- } else if (strcasecmp("KEY", p) == 0) {
- ctx->key_id = q;
- } else if (strcasecmp("CERT", p) == 0) {
- ctx->cert_file = q;
- } else if (strcasecmp("ENGINE", p) == 0) {
- ctx->engine_name = q;
- } else {
- krb5_set_error_string(context,
- "PKINIT: openssl engine configuration "
- "key %s is unknown", p);
- return HEIM_PKINIT_NO_PRIVATE_KEY;
- }
- }
- return 0;
-}
-
-
-static krb5_error_code
-load_openssl_engine(krb5_context context,
- char *password,
- krb5_prompter_fct prompter,
- void *prompter_data,
- const char *string,
- struct krb5_pk_identity *id)
-{
- struct engine_context ctx;
- krb5_error_code ret;
- const char *f;
- char *file_conf = NULL, *user_conf = NULL;
- ENGINE *e = NULL;
-
- memset(&ctx, 0, sizeof(ctx));
-
- ENGINE_load_builtin_engines();
-
- user_conf = strdup(string);
- if (user_conf == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-
- ret = parse_openssl_engine_conf(context, &ctx, user_conf);
- if (ret)
- goto out;
-
- f = krb5_config_get_string_default(context, NULL, NULL,
- "libdefaults",
- "pkinit-openssl-engine",
- NULL);
- if (f) {
- file_conf = strdup(f);
- if (file_conf) {
- ret = parse_openssl_engine_conf(context, &ctx, file_conf);
- if (ret)
- goto out;
- }
- }
-
- if (ctx.cert_file == NULL) {
- krb5_set_error_string(context,
- "PKINIT: openssl engine missing certificate");
- ret = HEIM_PKINIT_NO_CERTIFICATE;
- goto out;
- }
- if (ctx.key_id == NULL) {
- krb5_set_error_string(context,
- "PKINIT: openssl engine missing key id");
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- goto out;
- }
- if (ctx.engine_name == NULL) {
- krb5_set_error_string(context,
- "PKINIT: openssl engine missing engine name");
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- goto out;
- }
-
- e = ENGINE_by_id(ctx.engine_name);
- if (e == NULL) {
- krb5_set_error_string(context,
- "PKINIT: failed getting openssl engine %s: %s",
- ctx.engine_name,
- ERR_error_string(ERR_get_error(), NULL));
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- goto out;
- }
-
- ret = eval_pairs(context, e, ctx.engine_name, "pre",
- ctx.pre_cmds, ctx.num_pre);
- if (ret)
- goto out;
-
- if(!ENGINE_init(e)) {
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- krb5_set_error_string(context,
- "PKINIT: openssl engine init %s failed: %s",
- ctx.engine_name,
- ERR_error_string(ERR_get_error(), NULL));
- ENGINE_free(e);
- goto out;
- }
-
- ret = eval_pairs(context, e, ctx.engine_name, "post",
- ctx.post_cmds, ctx.num_post);
- if (ret)
- goto out;
-
- /*
- * If the engine supports a LOAD_CERT_CTRL function, lets try
- * it. OpenSC support this function. Eventially this should be
- * a ENGINE_load_cert function if it failes, treat it like a
- * non fatal error.
- */
- {
- struct {
- const char * cert_id;
- X509 * cert;
- } parms;
-
- parms.cert_id = ctx.cert_file;
- parms.cert = NULL;
- ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
- if (parms.cert) {
- id->cert = sk_X509_new_null();
- sk_X509_insert(id->cert, parms.cert, 0);
- }
- }
-
- if (id->cert == NULL) {
- ret = load_openssl_cert(context, ctx.cert_file, &id->cert);
- if (ret)
- goto out;
- }
-
- {
- UI_METHOD * krb5_ui_method = NULL;
- struct krb5_ui_data ui_data;
-
- krb5_ui_method = UI_create_method("Krb5 ui method");
- if (krb5_ui_method == NULL) {
- krb5_set_error_string(context,
- "PKINIT: failed to setup prompter "
- "function: %s",
- ERR_error_string(ERR_get_error(), NULL));
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- goto out;
- }
- UI_method_set_reader(krb5_ui_method, krb5_ui_method_read_string);
-
- ui_data.context = context;
- ui_data.prompter = prompter;
- if (prompter == NULL)
- ui_data.prompter = krb5_prompter_posix;
- ui_data.prompter_data = prompter_data;
-
- id->private_key = ENGINE_load_private_key(e,
- ctx.key_id,
- krb5_ui_method,
- (void*) &ui_data);
- UI_destroy_method(krb5_ui_method);
- }
-
- if (id->private_key == NULL) {
- krb5_set_error_string(context,
- "PKINIT: failed to load private key: %s",
- ERR_error_string(ERR_get_error(), NULL));
- ret = HEIM_PKINIT_NO_PRIVATE_KEY;
- goto out;
- }
-
- ret = X509_check_private_key(sk_X509_value(id->cert, 0), id->private_key);
- if (ret != 1) {
- ret = HEIM_PKINIT_PRIVATE_KEY_INVALID;
- krb5_set_error_string(context,
- "PKINIT: The private key doesn't match "
- "the public key certificate");
- goto out;
- }
-
- if (user_conf)
- free(user_conf);
- if (file_conf)
- free(file_conf);
-
- id->engine = e;
-
- return 0;
-
- out:
- if (user_conf)
- free(user_conf);
- if (file_conf)
- free(file_conf);
- if (e) {
- ENGINE_finish(e); /* make sure all shared libs are unloaded */
- ENGINE_free(e);
- }
-
- return ret;
+ return strlen(prompter->reply->data);
}
krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_load_openssl_id(krb5_context context,
- struct krb5_pk_identity **ret_id,
- const char *user_id,
- const char *x509_anchors,
- krb5_prompter_fct prompter,
- void *prompter_data,
- char *password)
+_krb5_pk_load_id(krb5_context context,
+ struct krb5_pk_identity **ret_id,
+ const char *user_id,
+ const char *anchor_id,
+ char * const *chain,
+ char * const *revoke,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ char *password)
{
- STACK_OF(X509) *trusted_certs = NULL;
struct krb5_pk_identity *id = NULL;
- krb5_error_code ret;
- struct dirent *file;
- char *dirname = NULL;
- DIR *dir;
- FILE *f;
- krb5_error_code (*load_pair)(krb5_context,
- char *,
- krb5_prompter_fct,
- void *,
- const char *,
- struct krb5_pk_identity *) = NULL;
-
+ hx509_lock lock = NULL;
+ struct prompter p;
+ int ret;
*ret_id = NULL;
- if (x509_anchors == NULL) {
- krb5_set_error_string(context, "PKINIT: No root ca directory given");
+ if (anchor_id == NULL) {
+ krb5_set_error_string(context, "PKINIT: No anchor given");
return HEIM_PKINIT_NO_VALID_CA;
}
if (user_id == NULL) {
krb5_set_error_string(context,
- "PKINIT: No user X509 source given given");
+ "PKINIT: No user certificate given");
return HEIM_PKINIT_NO_PRIVATE_KEY;
}
- /*
- *
- */
-
- if (strncasecmp(user_id, "FILE:", 5) == 0) {
- load_pair = load_openssl_file;
- user_id += 5;
- } else if (strncasecmp(user_id, "ENGINE:", 7) == 0) {
- load_pair = load_openssl_engine;
- user_id += 7;
- } else {
- krb5_set_error_string(context, "PKINIT: user identity not FILE");
- return HEIM_PKINIT_NO_CERTIFICATE;
- }
- if (strncasecmp(x509_anchors, "OPENSSL-ANCHOR-DIR:", 19) != 0) {
- krb5_set_error_string(context, "PKINIT: anchor OPENSSL-ANCHOR-DIR");
- return HEIM_PKINIT_NO_VALID_CA;
- }
- x509_anchors += 19;
+ /* load cert */
- id = malloc(sizeof(*id));
+ id = calloc(1, sizeof(*id));
if (id == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
- memset(id, 0, sizeof(*id));
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- ret = (*load_pair)(context, password, prompter, prompter_data, user_id, id);
+ ret = hx509_context_init(&id->hx509ctx);
if (ret)
goto out;
- /* load anchors */
+ ret = hx509_lock_init(id->hx509ctx, &lock);
+ if (password)
+ hx509_lock_add_password(lock, password);
- dirname = strdup(x509_anchors);
- if (dirname == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
+ if (prompter) {
+ p.context = context;
+ p.prompter = prompter;
+ p.prompter_data = prompter_data;
- {
- size_t len;
- len = strlen(dirname);
- if (dirname[len - 1] == '/')
- dirname[len - 1] = '\0';
+ ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
+ if (ret)
+ goto out;
}
- /* read ca certificates */
- dir = opendir(dirname);
- if (dir == NULL) {
- ret = errno;
- krb5_set_error_string(context, "PKINIT: open directory %s: %s",
- dirname, strerror(ret));
+ ret = hx509_certs_init(id->hx509ctx, user_id, 0, NULL, &id->certs);
+ if (ret)
goto out;
- }
- trusted_certs = sk_X509_new_null();
- while ((file = readdir(dir)) != NULL) {
- X509 *cert;
- char *filename;
+ ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
+ if (ret)
+ goto out;
- /*
- * Assume the certificate filenames constist of hashed subject
- * name followed by suffix ".0"
- */
+ ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain",
+ 0, NULL, &id->certpool);
+ if (ret)
+ goto out;
- if (strlen(file->d_name) == 10 && strcmp(&file->d_name[8],".0") == 0) {
- asprintf(&filename, "%s/%s", dirname, file->d_name);
- if (filename == NULL) {
- ret = ENOMEM;
- krb5_set_error_string(context, "malloc: out or memory");
- goto out;
- }
- f = fopen(filename, "r");
- if (f == NULL) {
- ret = errno;
- krb5_set_error_string(context, "PKINIT: open %s: %s",
- filename, strerror(ret));
- free(filename);
- closedir(dir);
- goto out;
- }
- cert = PEM_read_X509(f, NULL, NULL, NULL);
- fclose(f);
- if (cert != NULL) {
- /* order of the certs is not important */
- sk_X509_push(trusted_certs, cert);
- }
- free(filename);
+ while (chain && *chain) {
+ ret = hx509_certs_append(id->hx509ctx, id->certpool, NULL, *chain);
+ if (ret) {
+ krb5_set_error_string(context,
+ "pkinit failed to load chain %s",
+ *chain);
+ goto out;
}
+ chain++;
}
- closedir(dir);
- if (sk_X509_num(trusted_certs) == 0) {
- krb5_set_error_string(context,
- "PKINIT: No CA certificate(s) found in %s",
- dirname);
- ret = HEIM_PKINIT_NO_VALID_CA;
- goto out;
- }
+ if (revoke) {
+ ret = hx509_revoke_init(id->hx509ctx, &id->revoke);
+ if (ret) {
+ krb5_set_error_string(context, "revoke failed to init");
+ goto out;
+ }
- id->trusted_certs = trusted_certs;
+ while (*revoke) {
+ ret = hx509_revoke_add_crl(id->hx509ctx, id->revoke, *revoke);
+ if (ret) {
+ krb5_set_error_string(context,
+ "pkinit failed to load revoke %s",
+ *revoke);
+ goto out;
+ }
+ revoke++;
+ }
+ } else
+ hx509_context_set_missing_revoke(id->hx509ctx, 1);
- *ret_id = id;
+ ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
+ if (ret)
+ goto out;
- return 0;
+ hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
+ hx509_verify_attach_revoke(id->verify_ctx, id->revoke);
- out:
- if (dirname)
- free(dirname);
- if (trusted_certs)
- sk_X509_pop_free(trusted_certs, X509_free);
- if (id) {
- if (id->cert)
- sk_X509_pop_free(id->cert, X509_free);
- if (id->private_key)
- EVP_PKEY_free(id->private_key);
+out:
+ if (ret) {
+ hx509_verify_destroy_ctx(id->verify_ctx);
+ hx509_certs_free(&id->certs);
+ hx509_certs_free(&id->anchors);
+ hx509_certs_free(&id->certpool);
+ hx509_revoke_free(&id->revoke);
+ hx509_context_free(&id->hx509ctx);
free(id);
- }
+ } else
+ *ret_id = id;
+
+ hx509_lock_free(lock);
return ret;
}
@@ -2704,17 +1617,12 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
DH_free(ctx->dh);
ctx->dh = NULL;
if (ctx->id) {
- if (ctx->id->cert)
- sk_X509_pop_free(ctx->id->cert, X509_free);
- if (ctx->id->trusted_certs)
- sk_X509_pop_free(ctx->id->trusted_certs, X509_free);
- if (ctx->id->private_key)
- EVP_PKEY_free(ctx->id->private_key);
- if (ctx->id->engine) {
- ENGINE_finish(ctx->id->engine); /* unload shared libs etc */
- ENGINE_free(ctx->id->engine);
- ctx->id->engine = NULL;
- }
+ hx509_verify_destroy_ctx(ctx->id->verify_ctx);
+ hx509_certs_free(&ctx->id->certs);
+ hx509_certs_free(&ctx->id->anchors);
+ hx509_certs_free(&ctx->id->certpool);
+ hx509_context_free(&ctx->id->hx509ctx);
+
if (ctx->clientDHNonce) {
krb5_free_data(NULL, ctx->clientDHNonce);
ctx->clientDHNonce = NULL;
@@ -2734,6 +1642,8 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
krb5_principal principal,
const char *user_id,
const char *x509_anchors,
+ char * const * chain,
+ char * const * revoke,
int flags,
krb5_prompter_fct prompter,
void *prompter_data,
@@ -2757,14 +1667,18 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
opt->opt_private->pk_init_ctx->id = NULL;
opt->opt_private->pk_init_ctx->clientDHNonce = NULL;
opt->opt_private->pk_init_ctx->require_binding = 0;
-
- ret = _krb5_pk_load_openssl_id(context,
- &opt->opt_private->pk_init_ctx->id,
- user_id,
- x509_anchors,
- prompter,
- prompter_data,
- password);
+ opt->opt_private->pk_init_ctx->require_eku = 1;
+ opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1;
+
+ ret = _krb5_pk_load_id(context,
+ &opt->opt_private->pk_init_ctx->id,
+ user_id,
+ x509_anchors,
+ chain,
+ revoke,
+ prompter,
+ prompter_data,
+ password);
if (ret) {
free(opt->opt_private->pk_init_ctx);
opt->opt_private->pk_init_ctx = NULL;
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index 6cc49945cc..34086b1fbe 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -41,7 +41,7 @@
#include <fnmatch.h>
#include "resolve.h"
-RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $");
+RCSID("$Id: principal.c,v 1.94 2006/04/10 10:10:01 lha Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
@@ -105,7 +105,7 @@ parse_name(krb5_context context,
{
krb5_error_code ret;
heim_general_string *comp;
- heim_general_string realm;
+ heim_general_string realm = NULL;
int ncomp;
const char *p;
@@ -246,6 +246,7 @@ exit:
free(comp[--n]);
}
free(comp);
+ free(realm);
free(s);
return ret;
}
@@ -825,16 +826,21 @@ krb5_425_conv_principal_ext2(krb5_context context,
struct dns_reply *r;
r = dns_lookup(instance, "aaaa");
- if (r && r->head && r->head->type == T_AAAA) {
- inst = strdup(r->head->domain);
+ if (r) {
+ if (r->head && r->head->type == T_AAAA) {
+ inst = strdup(r->head->domain);
+ dns_free_data(r);
+ passed = TRUE;
+ }
dns_free_data(r);
- passed = TRUE;
} else {
r = dns_lookup(instance, "a");
- if(r && r->head && r->head->type == T_A) {
- inst = strdup(r->head->domain);
+ if (r) {
+ if(r->head && r->head->type == T_A) {
+ inst = strdup(r->head->domain);
+ passed = TRUE;
+ }
dns_free_data(r);
- passed = TRUE;
}
}
#else
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index d62adadf26..520b3a1418 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_cred.c,v 1.26 2005/11/02 08:36:42 lha Exp $");
+RCSID("$Id: rd_cred.c,v 1.28 2006/04/02 02:27:33 lha Exp $");
static krb5_error_code
compare_addrs(krb5_context context,
@@ -257,8 +257,10 @@ krb5_rd_cred(krb5_context context,
ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
&cred.tickets.val[i], &len, ret);
- if (ret)
+ if (ret) {
+ free(creds);
goto out;
+ }
if(creds->ticket.length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
copy_EncryptionKey (&kci->key, &creds->session);
@@ -302,6 +304,7 @@ krb5_rd_cred(krb5_context context,
for(i = 0; (*ret_creds)[i]; i++)
krb5_free_creds(context, (*ret_creds)[i]);
free(*ret_creds);
+ *ret_creds = NULL;
}
return ret;
}
diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c
index bf82ad556e..c52ac175fd 100644
--- a/source4/heimdal/lib/krb5/rd_priv.c
+++ b/source4/heimdal/lib/krb5/rd_priv.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $");
+RCSID("$Id: rd_priv.c,v 1.33 2006/04/12 16:18:10 lha Exp $");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
@@ -50,8 +50,8 @@ krb5_rd_priv(krb5_context context,
krb5_keyblock *key;
krb5_crypto crypto;
- if (outdata)
- krb5_data_zero(outdata);
+ if (outbuf)
+ krb5_data_zero(outbuf);
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -161,7 +161,7 @@ krb5_rd_priv(krb5_context context,
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the priv-part, silently
return zero */
- krb5_data_zero(outdata);
+ memset(outdata, 0, sizeof(*outdata));
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 313c14f6e6..0d4635b964 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_req.c,v 1.61 2005/11/29 18:22:51 lha Exp $");
+RCSID("$Id: rd_req.c,v 1.63 2006/04/10 10:14:44 lha Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -279,8 +279,10 @@ krb5_verify_authenticator_checksum(krb5_context context,
&authenticator);
if(ret)
return ret;
- if(authenticator->cksum == NULL)
+ if(authenticator->cksum == NULL) {
+ krb5_free_authenticator(context, &authenticator);
return -17;
+ }
ret = krb5_auth_con_getkey(context, ac, &key);
if(ret) {
krb5_free_authenticator(context, &authenticator);
@@ -340,6 +342,9 @@ krb5_verify_ap_req2(krb5_context context,
krb5_error_code ret;
EtypeList etypes;
+ if (ticket)
+ *ticket = NULL;
+
if (auth_context && *auth_context) {
ac = *auth_context;
} else {
@@ -348,13 +353,12 @@ krb5_verify_ap_req2(krb5_context context,
return ret;
}
- t = malloc(sizeof(*t));
+ t = calloc(1, sizeof(*t));
if (t == NULL) {
ret = ENOMEM;
krb5_clear_error_string (context);
goto out;
}
- memset(t, 0, sizeof(*t));
if (ap_req->ap_options.use_session_key && ac->keyblock){
ret = krb5_decrypt_ticket(context, &ap_req->ticket,
@@ -372,14 +376,17 @@ krb5_verify_ap_req2(krb5_context context,
if(ret)
goto out;
- _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname,
- ap_req->ticket.realm);
- _krb5_principalname2krb5_principal(&t->client, t->ticket.cname,
- t->ticket.crealm);
+ ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname,
+ ap_req->ticket.realm);
+ if (ret) goto out;
+ ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname,
+ t->ticket.crealm);
+ if (ret) goto out;
/* save key */
- krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
+ ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
+ if (ret) goto out;
ret = decrypt_authenticator (context,
&t->ticket.key,
diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c
index ec99f86c7c..b89f150159 100644
--- a/source4/heimdal/lib/krb5/replay.c
+++ b/source4/heimdal/lib/krb5/replay.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <vis.h>
-RCSID("$Id: replay.c,v 1.10 2004/05/25 21:41:15 lha Exp $");
+RCSID("$Id: replay.c,v 1.12 2006/04/10 17:13:49 lha Exp $");
struct krb5_rcache_data {
char *name;
@@ -58,6 +58,7 @@ krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id,
const char *type)
{
+ *id = NULL;
if(strcmp(type, "FILE")) {
krb5_set_error_string (context, "replay cache type %s not supported",
type);
@@ -77,6 +78,9 @@ krb5_rc_resolve_full(krb5_context context,
const char *string_name)
{
krb5_error_code ret;
+
+ *id = NULL;
+
if(strncmp(string_name, "FILE:", 5)) {
krb5_set_error_string (context, "replay cache type %s not supported",
string_name);
@@ -86,6 +90,10 @@ krb5_rc_resolve_full(krb5_context context,
if(ret)
return ret;
ret = krb5_rc_resolve(context, *id, string_name + 5);
+ if (ret) {
+ krb5_rc_close(context, *id);
+ *id = NULL;
+ }
return ret;
}
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index d3d21aea3f..0bcafa70a1 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.58 2006/04/02 02:32:03 lha Exp $");
struct send_and_recv {
krb5_send_and_recv_func_t func;
@@ -231,6 +231,7 @@ send_and_recv_http(int fd,
s[rep->length] = 0;
p = strstr(s, "\r\n\r\n");
if(p == NULL) {
+ krb5_data_zero(rep);
free(s);
return -1;
}
@@ -238,12 +239,14 @@ send_and_recv_http(int fd,
rep->data = s;
rep->length -= p - s;
if(rep->length < 4) { /* remove length */
+ krb5_data_zero(rep);
free(s);
return -1;
}
rep->length -= 4;
_krb5_get_int(p, &rep_len, 4);
if (rep_len != rep->length) {
+ krb5_data_zero(rep);
free(s);
return -1;
}
diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c
index 42667765fb..4a567bb379 100644
--- a/source4/heimdal/lib/krb5/store.c
+++ b/source4/heimdal/lib/krb5/store.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store.c,v 1.50 2005/06/17 04:36:33 lha Exp $");
+RCSID("$Id: store.c,v 1.51 2006/04/07 22:23:20 lha Exp $");
#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
@@ -420,7 +420,7 @@ krb5_ret_principal(krb5_storage *sp,
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
type = KRB5_NT_UNKNOWN;
- else if((ret = krb5_ret_int32(sp, &type))){
+ else if((ret = krb5_ret_int32(sp, &type))){
free(p);
return ret;
}
@@ -430,18 +430,31 @@ krb5_ret_principal(krb5_storage *sp,
}
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
ncomp--;
+ if (ncomp < 0) {
+ free(p);
+ return EINVAL;
+ }
p->name.name_type = type;
p->name.name_string.len = ncomp;
ret = krb5_ret_string(sp, &p->realm);
- if(ret) return ret;
+ if(ret) {
+ free(p);
+ return ret;
+ }
p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
- if(p->name.name_string.val == NULL){
+ if(p->name.name_string.val == NULL && ncomp != 0){
free(p->realm);
return ENOMEM;
}
for(i = 0; i < ncomp; i++){
ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
- if(ret) return ret; /* XXX */
+ if(ret) {
+ while (i >= 0)
+ free(p->name.name_string.val[i--]);
+ free(p->realm);
+ free(p);
+ return ret;
+ }
}
*princ = p;
return 0;
diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c
index 9e24db0da0..7f18b30c88 100644
--- a/source4/heimdal/lib/krb5/transited.c
+++ b/source4/heimdal/lib/krb5/transited.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: transited.c,v 1.16 2005/06/17 04:53:35 lha Exp $");
+RCSID("$Id: transited.c,v 1.18 2006/04/10 10:26:35 lha Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@@ -100,8 +100,10 @@ make_path(krb5_context context, struct tr_realm *r,
p = from + strlen(from);
while(1){
while(p >= from && *p != '/') p--;
- if(p == from)
+ if(p == from) {
+ r->next = path; /* XXX */
return KRB5KDC_ERR_POLICY;
+ }
if(strncmp(to, from, p - from) == 0)
break;
tmp = calloc(1, sizeof(*tmp));
@@ -166,10 +168,13 @@ expand_realms(krb5_context context,
for(r = realms; r; r = r->next){
if(r->trailing_dot){
char *tmp;
- size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
+ size_t len;
if(prev_realm == NULL)
prev_realm = client_realm;
+
+ len = strlen(r->realm) + strlen(prev_realm) + 1;
+
tmp = realloc(r->realm, len);
if(tmp == NULL){
free_realms(realms);
diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c
index c66b06c09f..dd294c8943 100644
--- a/source4/heimdal/lib/krb5/v4_glue.c
+++ b/source4/heimdal/lib/krb5/v4_glue.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: v4_glue.c,v 1.2 2005/04/24 13:44:02 lha Exp $");
+RCSID("$Id: v4_glue.c,v 1.3 2006/04/02 01:39:54 lha Exp $");
#include "krb5-v4compat.h"
@@ -155,19 +155,20 @@ write_v4_cc(krb5_context context, const char *tkfile,
fd = open(path, O_WRONLY|O_CREAT, 0600);
if (fd < 0) {
- free(path);
+ ret = errno;
krb5_set_error_string(context,
"krb5_krb_tf_setup: error opening file %s",
path);
- return errno;
+ free(path);
+ return ret;
}
if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
- free(path);
- close(fd);
krb5_set_error_string(context,
"krb5_krb_tf_setup: tktfile %s is not a file",
path);
+ free(path);
+ close(fd);
return KRB5_FCC_PERM;
}
@@ -178,11 +179,11 @@ write_v4_cc(krb5_context context, const char *tkfile,
break;
}
if (i == KRB5_TF_LCK_RETRY_COUNT) {
- free(path);
- close(fd);
krb5_set_error_string(context,
"krb5_krb_tf_setup: failed to lock %s",
path);
+ free(path);
+ close(fd);
return KRB5_FCC_PERM;
}
@@ -190,11 +191,11 @@ write_v4_cc(krb5_context context, const char *tkfile,
ret = ftruncate(fd, 0);
if (ret < 0) {
flock(fd, LOCK_UN);
- free(path);
- close(fd);
krb5_set_error_string(context,
"krb5_krb_tf_setup: failed to truncate %s",
path);
+ free(path);
+ close(fd);
return KRB5_FCC_PERM;
}
}
diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c
index 92438a9963..6a14547c62 100644
--- a/source4/heimdal/lib/roken/resolve.c
+++ b/source4/heimdal/lib/roken/resolve.c
@@ -45,7 +45,7 @@
#include <assert.h>
-RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $");
+RCSID("$Id: resolve.c,v 1.55 2006/04/14 13:56:00 lha Exp $");
#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
#undef HAVE_RES_NSEARCH
@@ -99,6 +99,16 @@ dns_type_to_string(int type)
#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
+static void
+dns_free_rr(struct resource_record *rr)
+{
+ if(rr->domain)
+ free(rr->domain);
+ if(rr->u.data)
+ free(rr->u.data);
+ free(rr);
+}
+
void ROKEN_LIB_FUNCTION
dns_free_data(struct dns_reply *r)
{
@@ -107,29 +117,30 @@ dns_free_data(struct dns_reply *r)
free(r->q.domain);
for(rr = r->head; rr;){
struct resource_record *tmp = rr;
- if(rr->domain)
- free(rr->domain);
- if(rr->u.data)
- free(rr->u.data);
rr = rr->next;
- free(tmp);
+ dns_free_rr(tmp);
}
free (r);
}
static int
parse_record(const unsigned char *data, const unsigned char *end_data,
- const unsigned char **pp, struct resource_record **rr)
+ const unsigned char **pp, struct resource_record **ret_rr)
{
+ struct resource_record *rr;
int type, class, ttl, size;
int status;
char host[MAXDNAME];
const unsigned char *p = *pp;
+
+ *ret_rr = NULL;
+
status = dn_expand(data, end_data, p, host, sizeof(host));
if(status < 0)
return -1;
if (p + status + 10 > end_data)
return -1;
+
p += status;
type = (p[0] << 8) | p[1];
p += 2;
@@ -143,30 +154,30 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
if (p + size > end_data)
return -1;
- *rr = calloc(1, sizeof(**rr));
- if(*rr == NULL)
+ rr = calloc(1, sizeof(*rr));
+ if(rr == NULL)
return -1;
- (*rr)->domain = strdup(host);
- if((*rr)->domain == NULL) {
- free(*rr);
+ rr->domain = strdup(host);
+ if(rr->domain == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->type = type;
- (*rr)->class = class;
- (*rr)->ttl = ttl;
- (*rr)->size = size;
+ rr->type = type;
+ rr->class = class;
+ rr->ttl = ttl;
+ rr->size = size;
switch(type){
case rk_ns_t_ns:
case rk_ns_t_cname:
case rk_ns_t_ptr:
status = dn_expand(data, end_data, p, host, sizeof(host));
if(status < 0) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.txt = strdup(host);
- if((*rr)->u.txt == NULL) {
- free(*rr);
+ rr->u.txt = strdup(host);
+ if(rr->u.txt == NULL) {
+ dns_free_rr(rr);
return -1;
}
break;
@@ -176,101 +187,101 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
status = dn_expand(data, end_data, p + 2, host, sizeof(host));
if(status < 0){
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
if (status + 2 > size) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
hostlen = strlen(host);
- (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
+ rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
hostlen);
- if((*rr)->u.mx == NULL) {
- free(*rr);
+ if(rr->u.mx == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.mx->preference = (p[0] << 8) | p[1];
- strlcpy((*rr)->u.mx->domain, host, hostlen + 1);
+ rr->u.mx->preference = (p[0] << 8) | p[1];
+ strlcpy(rr->u.mx->domain, host, hostlen + 1);
break;
}
case rk_ns_t_srv:{
size_t hostlen;
status = dn_expand(data, end_data, p + 6, host, sizeof(host));
if(status < 0){
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
if (status + 6 > size) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
hostlen = strlen(host);
- (*rr)->u.srv =
+ rr->u.srv =
(struct srv_record*)malloc(sizeof(struct srv_record) +
hostlen);
- if((*rr)->u.srv == NULL) {
- free(*rr);
+ if(rr->u.srv == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.srv->priority = (p[0] << 8) | p[1];
- (*rr)->u.srv->weight = (p[2] << 8) | p[3];
- (*rr)->u.srv->port = (p[4] << 8) | p[5];
- strlcpy((*rr)->u.srv->target, host, hostlen + 1);
+ rr->u.srv->priority = (p[0] << 8) | p[1];
+ rr->u.srv->weight = (p[2] << 8) | p[3];
+ rr->u.srv->port = (p[4] << 8) | p[5];
+ strlcpy(rr->u.srv->target, host, hostlen + 1);
break;
}
case rk_ns_t_txt:{
if(size == 0 || size < *p + 1) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.txt = (char*)malloc(*p + 1);
- if((*rr)->u.txt == NULL) {
- free(*rr);
+ rr->u.txt = (char*)malloc(*p + 1);
+ if(rr->u.txt == NULL) {
+ dns_free_rr(rr);
return -1;
}
- strncpy((*rr)->u.txt, (const char*)(p + 1), *p);
- (*rr)->u.txt[*p] = '\0';
+ strncpy(rr->u.txt, (const char*)(p + 1), *p);
+ rr->u.txt[*p] = '\0';
break;
}
case rk_ns_t_key : {
size_t key_len;
if (size < 4) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
key_len = size - 4;
- (*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1);
- if ((*rr)->u.key == NULL) {
- free(*rr);
+ rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1);
+ if (rr->u.key == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.key->flags = (p[0] << 8) | p[1];
- (*rr)->u.key->protocol = p[2];
- (*rr)->u.key->algorithm = p[3];
- (*rr)->u.key->key_len = key_len;
- memcpy ((*rr)->u.key->key_data, p + 4, key_len);
+ rr->u.key->flags = (p[0] << 8) | p[1];
+ rr->u.key->protocol = p[2];
+ rr->u.key->algorithm = p[3];
+ rr->u.key->key_len = key_len;
+ memcpy (rr->u.key->key_data, p + 4, key_len);
break;
}
case rk_ns_t_sig : {
size_t sig_len, hostlen;
if(size <= 18) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
status = dn_expand (data, end_data, p + 18, host, sizeof(host));
if (status < 0) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
if (status + 18 > size) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
@@ -281,26 +292,26 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
*/
sig_len = size - 18 - status;
hostlen = strlen(host);
- (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig)
+ rr->u.sig = malloc(sizeof(*rr->u.sig)
+ hostlen + sig_len);
- if ((*rr)->u.sig == NULL) {
- free(*rr);
+ if (rr->u.sig == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.sig->type = (p[0] << 8) | p[1];
- (*rr)->u.sig->algorithm = p[2];
- (*rr)->u.sig->labels = p[3];
- (*rr)->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16)
+ rr->u.sig->type = (p[0] << 8) | p[1];
+ rr->u.sig->algorithm = p[2];
+ rr->u.sig->labels = p[3];
+ rr->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16)
| (p[6] << 8) | p[7];
- (*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
+ rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
| (p[10] << 8) | p[11];
- (*rr)->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16)
+ rr->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16)
| (p[14] << 8) | p[15];
- (*rr)->u.sig->key_tag = (p[16] << 8) | p[17];
- (*rr)->u.sig->sig_len = sig_len;
- memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len);
- (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len];
- strlcpy((*rr)->u.sig->signer, host, hostlen + 1);
+ rr->u.sig->key_tag = (p[16] << 8) | p[17];
+ rr->u.sig->sig_len = sig_len;
+ memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len);
+ rr->u.sig->signer = &rr->u.sig->sig_data[sig_len];
+ strlcpy(rr->u.sig->signer, host, hostlen + 1);
break;
}
@@ -308,78 +319,81 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
size_t cert_len;
if (size < 5) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
cert_len = size - 5;
- (*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1);
- if ((*rr)->u.cert == NULL) {
- free(*rr);
+ rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1);
+ if (rr->u.cert == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.cert->type = (p[0] << 8) | p[1];
- (*rr)->u.cert->tag = (p[2] << 8) | p[3];
- (*rr)->u.cert->algorithm = p[4];
- (*rr)->u.cert->cert_len = cert_len;
- memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len);
+ rr->u.cert->type = (p[0] << 8) | p[1];
+ rr->u.cert->tag = (p[2] << 8) | p[3];
+ rr->u.cert->algorithm = p[4];
+ rr->u.cert->cert_len = cert_len;
+ memcpy (rr->u.cert->cert_data, p + 5, cert_len);
break;
}
case rk_ns_t_sshfp : {
size_t sshfp_len;
if (size < 2) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
sshfp_len = size - 2;
- (*rr)->u.sshfp = malloc (sizeof(*(*rr)->u.sshfp) + sshfp_len - 1);
- if ((*rr)->u.sshfp == NULL) {
- free(*rr);
+ rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1);
+ if (rr->u.sshfp == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.sshfp->algorithm = p[0];
- (*rr)->u.sshfp->type = p[1];
- (*rr)->u.sshfp->sshfp_len = sshfp_len;
- memcpy ((*rr)->u.sshfp->sshfp_data, p + 2, sshfp_len);
+ rr->u.sshfp->algorithm = p[0];
+ rr->u.sshfp->type = p[1];
+ rr->u.sshfp->sshfp_len = sshfp_len;
+ memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len);
break;
}
case rk_ns_t_ds: {
size_t digest_len;
if (size < 4) {
- free(*rr);
+ dns_free_rr(rr);
return -1;
}
digest_len = size - 4;
- (*rr)->u.ds = malloc (sizeof(*(*rr)->u.ds) + digest_len - 1);
- if ((*rr)->u.ds == NULL) {
- free(*rr);
+ rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1);
+ if (rr->u.ds == NULL) {
+ dns_free_rr(rr);
return -1;
}
- (*rr)->u.ds->key_tag = (p[0] << 8) | p[1];
- (*rr)->u.ds->algorithm = p[2];
- (*rr)->u.ds->digest_type = p[3];
- (*rr)->u.ds->digest_len = digest_len;
- memcpy ((*rr)->u.ds->digest_data, p + 4, digest_len);
+ rr->u.ds->key_tag = (p[0] << 8) | p[1];
+ rr->u.ds->algorithm = p[2];
+ rr->u.ds->digest_type = p[3];
+ rr->u.ds->digest_len = digest_len;
+ memcpy (rr->u.ds->digest_data, p + 4, digest_len);
break;
}
default:
- (*rr)->u.data = (unsigned char*)malloc(size);
- if(size != 0 && (*rr)->u.data == NULL) {
- free(*rr);
+ rr->u.data = (unsigned char*)malloc(size);
+ if(size != 0 && rr->u.data == NULL) {
+ dns_free_rr(rr);
return -1;
}
- memcpy((*rr)->u.data, p, size);
+ if (size)
+ memcpy(rr->u.data, p, size);
}
*pp = p + size;
+ *ret_rr = rr;
+
return 0;
}
@@ -633,8 +647,7 @@ dns_srv_order(struct dns_reply *r)
/* find the last record with the same priority and count the
sum of all weights */
for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) {
- if(*tt == NULL)
- continue;
+ assert(*tt != NULL);
if((*tt)->u.srv->priority != (*ss)->u.srv->priority)
break;
sum += (*tt)->u.srv->weight;
diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c
index 2df3f83e36..8f200dfe10 100644
--- a/source4/heimdal/lib/roken/roken_gethostby.c
+++ b/source4/heimdal/lib/roken/roken_gethostby.c
@@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: roken_gethostby.c,v 1.7 2005/04/12 11:29:03 lha Exp $");
+RCSID("$Id: roken_gethostby.c,v 1.8 2006/04/02 00:09:28 lha Exp $");
#endif
#include <roken.h>
@@ -186,7 +186,7 @@ roken_gethostby(const char *hostname)
#define MAX_ADDRS 16
static struct hostent he;
static char addrs[4 * MAX_ADDRS];
- static char *addr_list[MAX_ADDRS];
+ static char *addr_list[MAX_ADDRS + 1];
int num_addrs = 0;
he.h_name = p;
diff --git a/source4/heimdal_build/config.mk b/source4/heimdal_build/config.mk
index eb68acc4eb..88c88274a6 100644
--- a/source4/heimdal_build/config.mk
+++ b/source4/heimdal_build/config.mk
@@ -280,6 +280,7 @@ OBJ_FILES = \
../heimdal/lib/des/rijndael-alg-fst.o \
../heimdal/lib/des/rnd_keys.o \
../heimdal/lib/des/sha.o \
+ ../heimdal/lib/des/sha256.o \
../heimdal/lib/des/ui.o \
../heimdal/lib/des/evp.o \
../heimdal/lib/des/pkcs5.o \