diff options
67 files changed, 2996 insertions, 3977 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 1642975616..9fcf40a4c2 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $"); +RCSID("$Id: 524.c,v 1.36 2006/04/07 22:12:28 lha Exp $"); #include <krb5-v4compat.h> @@ -374,19 +374,21 @@ _kdc_do_524(krb5_context context, /* make reply */ memset(buf, 0, sizeof(buf)); sp = krb5_storage_from_mem(buf, sizeof(buf)); - krb5_store_int32(sp, ret); - if(ret == 0){ - krb5_store_int32(sp, kvno); - krb5_store_data(sp, ticket.cipher); - /* Aargh! This is coded as a KTEXT_ST. */ - krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); - krb5_store_int32(sp, 0); /* mbz */ - free_EncryptedData(&ticket); - } - ret = krb5_storage_to_data(sp, reply); - reply->length = krb5_storage_seek(sp, 0, SEEK_CUR); - krb5_storage_free(sp); - + if (sp) { + krb5_store_int32(sp, ret); + if(ret == 0){ + krb5_store_int32(sp, kvno); + krb5_store_data(sp, ticket.cipher); + /* Aargh! This is coded as a KTEXT_ST. */ + krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); + krb5_store_int32(sp, 0); /* mbz */ + free_EncryptedData(&ticket); + } + ret = krb5_storage_to_data(sp, reply); + reply->length = krb5_storage_seek(sp, 0, SEEK_CUR); + krb5_storage_free(sp); + } else + krb5_data_zero(reply); if(spn) free(spn); if(server) diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 069af21660..05fedeca29 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $"); +RCSID("$Id: kaserver.c,v 1.32 2006/04/02 01:54:37 lha Exp $"); #include <krb5-v4compat.h> #include <rx.h> @@ -453,8 +453,8 @@ do_authenticate (krb5_context context, } ret = _kdc_check_flags (context, config, - &client_entry->entry, client_name, - &server_entry->entry, server_name, + client_entry, client_name, + server_entry, server_name, TRUE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); @@ -752,8 +752,8 @@ do_getticket (krb5_context context, } ret = _kdc_check_flags (context, config, - &client_entry->entry, client_name, - &server_entry->entry, server_name, + client_entry, client_name, + server_entry, server_name, FALSE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index 729778a69e..c718b1fd52 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -18,9 +18,9 @@ krb5_error_code _kdc_check_flags ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - hdb_entry */*client*/, + hdb_entry_ex */*client_ex*/, const char */*client_name*/, - hdb_entry */*server*/, + hdb_entry_ex */*server_ex*/, const char */*server_name*/, krb5_boolean /*is_as_req*/); @@ -118,7 +118,9 @@ _kdc_pk_initialize ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, const char */*user_id*/, - const char */*x509_anchors*/); + const char */*anchors*/, + char **/*pool*/, + char **/*revoke*/); krb5_error_code _kdc_pk_mk_pa_reply ( diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 72ea41d9e6..030405adc2 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -35,7 +35,7 @@ #include <krb5-v4compat.h> -RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $"); +RCSID("$Id: kerberos4.c,v 1.57 2006/04/02 01:54:37 lha Exp $"); #ifndef swap32 static u_int32_t @@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - &client->entry, client_name, - &server->entry, server_name, + client, client_name, + server, server_name, TRUE); if (ret) { /* good error code? */ @@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - &client->entry, client_name, - &server->entry, server_name, + client, client_name, + server, server_name, FALSE); if (ret) { /* good error code? */ diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 3f9dcd12f8..68720d692e 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.206 2006/04/02 01:54:37 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -209,6 +209,50 @@ log_timestamp(krb5_context context, type, authtime_str, starttime_str, endtime_str, renewtime_str); } +static void +log_patypes(krb5_context context, + krb5_kdc_configuration *config, + METHOD_DATA *padata) +{ + struct rk_strpool *p = NULL; + char *str; + int i; + + for (i = 0; i < padata->len; i++) { + switch(padata->val[i].padata_type) { + case KRB5_PADATA_PK_AS_REQ: + p = rk_strpoolprintf(p, "PK-INIT(ietf)"); + break; + case KRB5_PADATA_PK_AS_REQ_WIN: + p = rk_strpoolprintf(p, "PK-INIT(win2k)"); + break; + case KRB5_PADATA_PA_PK_OCSP_RESPONSE: + p = rk_strpoolprintf(p, "OCSP"); + break; + case KRB5_PADATA_ENC_TIMESTAMP: + p = rk_strpoolprintf(p, "encrypted-timestamp"); + break; + default: + p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type); + break; + } + if (p && i + 1 < padata->len) + p = rk_strpoolprintf(p, ", "); + if (p == NULL) { + kdc_log(context, config, 0, "out of memory"); + return; + } + } + str = rk_strpoolcollect(p); + kdc_log(context, config, 0, "Client sent patypes: %s", str); + free(str); +} + +/* + * + */ + + static krb5_error_code encode_reply(krb5_context context, krb5_kdc_configuration *config, @@ -642,11 +686,13 @@ get_pa_etype_info2(krb5_context context, krb5_error_code _kdc_check_flags(krb5_context context, krb5_kdc_configuration *config, - hdb_entry *client, const char *client_name, - hdb_entry *server, const char *server_name, + hdb_entry_ex *client_ex, const char *client_name, + hdb_entry_ex *server_ex, const char *server_name, krb5_boolean is_as_req) { - if(client != NULL) { + if(client_ex != NULL) { + hdb_entry *client = &client_ex->entry; + /* check client */ if (client->flags.invalid) { kdc_log(context, config, 0, @@ -680,8 +726,8 @@ _kdc_check_flags(krb5_context context, return KRB5KDC_ERR_NAME_EXP; } - if (client->pw_end && *client->pw_end < kdc_time - && !server->flags.change_pw) { + if (client->pw_end && *client->pw_end < kdc_time + && (server_ex == NULL || !server_ex->entry.flags.change_pw)) { char pwend_str[100]; krb5_format_time(context, *client->pw_end, pwend_str, sizeof(pwend_str), TRUE); @@ -694,7 +740,9 @@ _kdc_check_flags(krb5_context context, /* check server */ - if (server != NULL) { + if (server_ex != NULL) { + hdb_entry *server = &server_ex->entry; + if (server->flags.invalid) { kdc_log(context, config, 0, "Server has invalid flag set -- %s", server_name); @@ -762,27 +810,28 @@ check_addresses(krb5_context context, krb5_boolean result; krb5_boolean only_netbios = TRUE; int i; - + if(config->check_ticket_addresses == 0) return TRUE; - if(addresses == NULL) + if(addresses == NULL) return config->allow_null_ticket_addresses; - + for (i = 0; i < addresses->len; ++i) { - if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) { - only_netbios = FALSE; - } + if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) { + only_netbios = FALSE; + } } /* Windows sends it's netbios name, which I can only assume is - * used for the 'allowed workstations' check. This is painful, but - * we still want to check IP addresses if they happen to be - * present. */ + * used for the 'allowed workstations' check. This is painful, + * but we still want to check IP addresses if they happen to be + * present. + */ if(only_netbios) return config->allow_null_ticket_addresses; - + ret = krb5_sockaddr2address (context, from, &addr); if(ret) return FALSE; @@ -867,8 +916,8 @@ _kdc_as_rep(krb5_context context, } ret = _kdc_check_flags(context, config, - &client->entry, client_name, - &server->entry, server_name, + client, client_name, + server, server_name, TRUE); if(ret) goto out; @@ -884,10 +933,12 @@ _kdc_as_rep(krb5_context context, memset(&ek, 0, sizeof(ek)); if(req->padata){ - int i = 0; + int i; PA_DATA *pa; int found_pa = 0; + log_patypes(context, config, req->padata); + #ifdef PKINIT kdc_log(context, config, 5, "Looking for PKINIT pa-data -- %s", client_name); @@ -1171,7 +1222,7 @@ _kdc_as_rep(krb5_context context, if (p && i + 1 < b->etype.len) p = rk_strpoolprintf(p, ", "); if (p == NULL) { - kdc_log(context, config, 0, "out of meory"); + kdc_log(context, config, 0, "out of memory"); goto out; } } @@ -2410,8 +2461,8 @@ tgs_rep2(krb5_context context, } ret = _kdc_check_flags(context, config, - &client->entry, cpn, - &server->entry, spn, + client, cpn, + server, spn, FALSE); if(ret) goto out; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 67934c0745..3f064f9d50 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.59 2006/04/22 12:10:16 lha Exp $"); #ifdef PKINIT @@ -42,25 +42,17 @@ RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $"); #include <cms_asn1.h> #include <pkinit_asn1.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/bn.h> -#include <openssl/asn1.h> -#include <openssl/err.h> +#include <hx509.h> +#include "crypto-headers.h" /* XXX copied from lib/krb5/pkinit.c */ struct krb5_pk_identity { - EVP_PKEY *private_key; - STACK_OF(X509) *cert; - STACK_OF(X509) *trusted_certs; - STACK_OF(X509_CRL) *crls; - ENGINE *engine; -}; - -/* XXX copied from lib/krb5/pkinit.c */ -struct krb5_pk_cert { - X509 *cert; + hx509_context hx509ctx; + hx509_verify_ctx verify_ctx; + hx509_certs certs; + hx509_certs anchors; + hx509_certs certpool; + hx509_revoke_ctx revoke; }; enum pkinit_type { @@ -71,7 +63,7 @@ enum pkinit_type { struct pk_client_params { enum pkinit_type type; BIGNUM *dh_public_key; - struct krb5_pk_cert *certificate; + hx509_cert cert; unsigned nonce; DH *dh; EncryptionKey reply_key; @@ -86,29 +78,6 @@ struct pk_principal_mapping { } *val; }; -/* XXX copied from lib/krb5/pkinit.c */ -#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ -{ \ - unsigned char *p; \ - (BL) = i2d_##T((S), NULL); \ - if ((BL) <= 0) { \ - (R) = EINVAL; \ - } else { \ - (B) = malloc((BL)); \ - if ((B) == NULL) { \ - (R) = ENOMEM; \ - } else { \ - p = (B); \ - (R) = 0; \ - (BL) = i2d_##T((S), &p); \ - if ((BL) <= 0) { \ - free((B)); \ - (R) = ASN1_OVERRUN; \ - } \ - } \ - } \ -} - static struct krb5_pk_identity *kdc_identity; static struct pk_principal_mapping principal_mappings; static struct krb5_dh_moduli **moduli; @@ -185,59 +154,19 @@ pk_check_pkauthenticator(krb5_context context, krb5_clear_error_string(context); ret = KRB5KRB_ERR_GENERIC; } + out: free_Checksum(&checksum); return ret; } -static krb5_error_code -pk_encrypt_key(krb5_context context, - krb5_keyblock *key, - EVP_PKEY *public_key, - krb5_data *encrypted_key, - const heim_oid **oid) -{ - krb5_error_code ret; - - encrypted_key->length = EVP_PKEY_size(public_key); - - if (encrypted_key->length < key->keyvalue.length + 11) { /* XXX */ - krb5_set_error_string(context, "pkinit: encrypted key too long"); - return KRB5KRB_ERR_GENERIC; - } - - encrypted_key->data = malloc(encrypted_key->length); - if (encrypted_key->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - ret = EVP_PKEY_encrypt(encrypted_key->data, - key->keyvalue.data, - key->keyvalue.length, - public_key); - if (ret < 0) { - free(encrypted_key->data); - krb5_set_error_string(context, "Can't encrypt key: %s", - ERR_error_string(ERR_get_error(), NULL)); - return KRB5KRB_ERR_GENERIC; - } - if (encrypted_key->length != ret) - krb5_abortx(context, "size of EVP_PKEY_size is not the " - "size of the output"); - - *oid = oid_id_pkcs1_rsaEncryption(); - - return 0; -} - void _kdc_pk_free_client_param(krb5_context context, pk_client_params *client_params) { - if (client_params->certificate) - _krb5_pk_cert_free(client_params->certificate); + if (client_params->cert) + hx509_cert_free(client_params->cert); if (client_params->dh) DH_free(client_params->dh); if (client_params->dh_public_key) @@ -261,9 +190,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, memset(&key, 0, sizeof(key)); if (!DH_generate_key(client_params->dh)) { - krb5_set_error_string(context, "Can't generate Diffie-Hellman " - "keys (%s)", - ERR_error_string(ERR_get_error(), NULL)); + krb5_set_error_string(context, "Can't generate Diffie-Hellman keys"); ret = KRB5KRB_ERR_GENERIC; goto out; } @@ -290,8 +217,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, client_params->dh_public_key, client_params->dh); if (dh_gen_keylen == -1) { - krb5_set_error_string(context, "Can't compute Diffie-Hellman key (%s)", - ERR_error_string(ERR_get_error(), NULL)); + krb5_set_error_string(context, "Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; goto out; } @@ -321,7 +247,7 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f) krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); return NULL; } - bn->neg = f->negative; + BN_set_negative(bn, f->negative); return bn; } @@ -376,8 +302,7 @@ get_dh_param(krb5_context context, dh = DH_new(); if (dh == NULL) { - krb5_set_error_string(context, "Cannot create DH structure (%s)", - ERR_error_string(ERR_get_error(), NULL)); + krb5_set_error_string(context, "Cannot create DH structure"); ret = ENOMEM; goto out; } @@ -413,9 +338,10 @@ get_dh_param(krb5_context context, goto out; } - if (DH_check(dh, &dhret) != 1) { - krb5_set_error_string(context, "PKINIT DH data not ok: %s", - ERR_error_string(ERR_get_error(), NULL)); + + if (DH_check_pubkey(dh, client_params->dh_public_key, &dhret) != 1 || + dhret != 0) { + krb5_set_error_string(context, "PKINIT DH data not ok"); ret = KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; goto out; } @@ -498,11 +424,12 @@ _kdc_pk_rd_padata(krb5_context context, { pk_client_params *client_params; krb5_error_code ret; - heim_oid eContentType = { 0, NULL }; + heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL }; krb5_data eContent = { 0, NULL }; krb5_data signed_content = { 0, NULL }; const char *type = "unknown type"; const heim_oid *pa_contentType; + int have_data; *ret_params = NULL; @@ -520,7 +447,7 @@ _kdc_pk_rd_padata(krb5_context context, if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { PA_PK_AS_REQ_Win2k r; - ContentInfo info; + int have_data; type = "PK-INIT-Win2k"; pa_contentType = oid_id_pkcs7_data(); @@ -535,47 +462,20 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = decode_ContentInfo(r.signed_auth_pack.data, - r.signed_auth_pack.length, &info, NULL); + ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack, + &contentInfoOid, + &signed_content, + &have_data); free_PA_PK_AS_REQ_Win2k(&r); if (ret) { krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); goto out; } - if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) { - krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " - "type oid"); - free_ContentInfo(&info); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - if (info.content == NULL) { - krb5_set_error_string(context, - "PK-AS-REQ-Win2k no signed auth pack"); - free_ContentInfo(&info); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - signed_content.data = malloc(info.content->length); - if (signed_content.data == NULL) { - ret = ENOMEM; - free_ContentInfo(&info); - krb5_set_error_string(context, "PK-AS-REQ-Win2k out of memory"); - goto out; - } - signed_content.length = info.content->length; - memcpy(signed_content.data, info.content->data, signed_content.length); - - free_ContentInfo(&info); - } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { PA_PK_AS_REQ r; - ContentInfo info; - type = "PK-INIT-27"; + type = "PK-INIT-IETF"; pa_contentType = oid_id_pkauthdata(); ret = decode_PA_PK_AS_REQ(pa->padata_value.data, @@ -587,43 +487,17 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = decode_ContentInfo(r.signedAuthPack.data, - r.signedAuthPack.length, &info, NULL); - if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); - goto out; - } - - if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) { - krb5_set_error_string(context, "PK-AS-REQ invalid content " - "type oid"); - free_ContentInfo(&info); - free_PA_PK_AS_REQ(&r); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - if (info.content == NULL) { - krb5_set_error_string(context, "PK-AS-REQ no signed auth pack"); - free_PA_PK_AS_REQ(&r); - free_ContentInfo(&info); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } + /* XXX look at r.trustedCertifiers and r.kdcPkId */ - signed_content.data = malloc(info.content->length); - if (signed_content.data == NULL) { - ret = ENOMEM; - free_ContentInfo(&info); - free_PA_PK_AS_REQ(&r); - krb5_set_error_string(context, "PK-AS-REQ out of memory"); + ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack, + &contentInfoOid, + &signed_content, + &have_data); + free_PA_PK_AS_REQ(&r); + if (ret) { + krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret); goto out; } - signed_content.length = info.content->length; - memcpy(signed_content.data, info.content->data, signed_content.length); - - free_ContentInfo(&info); - free_PA_PK_AS_REQ(&r); } else { krb5_clear_error_string(context); @@ -631,24 +505,51 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = _krb5_pk_verify_sign(context, - signed_content.data, - signed_content.length, - kdc_identity, - &eContentType, - &eContent, - &client_params->certificate); - if (ret) + ret = heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); + if (ret != 0) { + krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " + "type oid"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + if (!have_data) { + krb5_set_error_string(context, + "PK-AS-REQ-Win2k no signed auth pack"); + ret = KRB5KRB_ERR_GENERIC; goto out; + } + + { + hx509_certs signer_certs; + + ret = hx509_cms_verify_signed(kdc_identity->hx509ctx, + kdc_identity->verify_ctx, + signed_content.data, + signed_content.length, + kdc_identity->certpool, + &eContentType, + &eContent, + &signer_certs); + if (ret) { + kdc_log(context, config, 0, + "PK-INIT failed to verify signature %d", ret); + goto out; + } + + ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs, + &client_params->cert); + hx509_certs_free(&signer_certs); + if (ret) + goto out; + } -#if 0 /* Signature is correct, now verify the signed message */ if (heim_oid_cmp(&eContentType, pa_contentType)) { krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; goto out; } -#endif if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { AuthPack_Win2k ap; @@ -716,19 +617,15 @@ _kdc_pk_rd_padata(krb5_context context, } else krb5_abortx(context, "internal pkinit error"); - /* - * Remaining fields (ie kdcCert and encryptionCert) in the request - * are ignored for now. - */ - kdc_log(context, config, 0, "PK-INIT request of type %s", type); - out: +out: if (signed_content.data) free(signed_content.data); krb5_data_free(&eContent); free_oid(&eContentType); + free_oid(&contentInfoOid); if (ret) _kdc_pk_free_client_param(context, client_params); else @@ -750,7 +647,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) return ENOMEM; } BN_bn2bin(bn, integer->data); - integer->negative = bn->neg; + integer->negative = BN_is_negative(bn); return 0; } @@ -762,78 +659,11 @@ pk_mk_pa_reply_enckey(krb5_context context, krb5_keyblock *reply_key, ContentInfo *content_info) { - KeyTransRecipientInfo *ri; - EnvelopedData ed; krb5_error_code ret; - krb5_crypto crypto = NULL; - krb5_data buf, sd_data, enc_sd_data, iv, params; - krb5_keyblock tmp_key; - krb5_enctype enveloped_enctype; - X509_NAME *issuer_name; - heim_integer *serial; + krb5_data buf, o; size_t size; - AlgorithmIdentifier *enc_alg; - int i; - - krb5_data_zero(&enc_sd_data); - krb5_data_zero(&sd_data); - krb5_data_zero(&iv); - - memset(&tmp_key, 0, sizeof(tmp_key)); - memset(&ed, 0, sizeof(ed)); - - /* default to DES3 if client doesn't tell us */ - enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS; - - for (i = 0; i < req->req_body.etype.len; i++) { - switch(req->req_body.etype.val[i]) { - case 15: /* des-ede3-cbc-Env-OID */ - enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS; - break; - default: - break; - } - } - - ret = krb5_generate_random_keyblock(context, enveloped_enctype, &tmp_key); - if (ret) - goto out; - ret = krb5_crypto_init(context, &tmp_key, 0, &crypto); - if (ret) - goto out; - - - ret = krb5_crypto_getblocksize(context, crypto, &iv.length); - if (ret) - goto out; - - ret = krb5_data_alloc(&iv, iv.length); - if (ret) { - krb5_set_error_string(context, "malloc out of memory"); - goto out; - } - - krb5_generate_random_block(iv.data, iv.length); - - enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm; - - ret = krb5_enctype_to_oid(context, enveloped_enctype, &enc_alg->algorithm); - if (ret) - goto out; - - ret = krb5_crypto_set_params(context, crypto, &iv, ¶ms); - if (ret) - goto out; - - ALLOC(enc_alg->parameters); - if (enc_alg->parameters == NULL) { - krb5_data_free(¶ms); - krb5_set_error_string(context, "malloc out of memory"); - return ENOMEM; - } - enc_alg->parameters->data = params.data; - enc_alg->parameters->length = params.length; + krb5_data_zero(&buf); switch (client_params->type) { case PKINIT_COMPAT_WIN2K: { @@ -897,139 +727,21 @@ pk_mk_pa_reply_enckey(krb5_context context, if (buf.length != size) krb5_abortx(context, "Internal ASN.1 encoder error"); - /* - * CRL's are not transfered -- should be ? - */ - - ret = _krb5_pk_create_sign(context, - oid_id_pkrkeydata(), - &buf, - kdc_identity, - &sd_data); - krb5_data_free(&buf); - if (ret) - goto out; - - ret = krb5_encrypt_ivec(context, crypto, 0, - sd_data.data, sd_data.length, - &enc_sd_data, - iv.data); - - ALLOC_SEQ(&ed.recipientInfos, 1); - if (ed.recipientInfos.val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ri = &ed.recipientInfos.val[0]; - - ri->version = 0; - ri->rid.element = choice_CMSIdentifier_issuerAndSerialNumber; - - issuer_name = X509_get_issuer_name(client_params->certificate->cert); - OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, buf.data, buf.length, - issuer_name, ret); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - ret = decode_Name(buf.data, buf.length, - &ri->rid.u.issuerAndSerialNumber.issuer, - NULL); - free(buf.data); - if (ret) { - krb5_set_error_string(context, "pkinit: failed to parse Name"); - goto out; - } - - serial = &ri->rid.u.issuerAndSerialNumber.serialNumber; - { - ASN1_INTEGER *isn; - BIGNUM *bn; - - isn = X509_get_serialNumber(client_params->certificate->cert); - bn = ASN1_INTEGER_to_BN(isn, NULL); - if (bn == NULL) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - ret = BN_to_integer(context, bn, serial); - BN_free(bn); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - } - - { - const heim_oid *pk_enc_key_oid; - krb5_data enc_tmp_key; - - ret = pk_encrypt_key(context, &tmp_key, - X509_get_pubkey(client_params->certificate->cert), - &enc_tmp_key, - &pk_enc_key_oid); - if (ret) - goto out; - - ri->encryptedKey.length = enc_tmp_key.length; - ri->encryptedKey.data = enc_tmp_key.data; - - ret = copy_oid(pk_enc_key_oid, &ri->keyEncryptionAlgorithm.algorithm); - if (ret) - goto out; - } - - /* - * - */ - - ed.version = 0; - ed.originatorInfo = NULL; - - ret = copy_oid(oid_id_pkcs7_signedData(), &ed.encryptedContentInfo.contentType); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - - ALLOC(ed.encryptedContentInfo.encryptedContent); - if (ed.encryptedContentInfo.encryptedContent == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ed.encryptedContentInfo.encryptedContent->data = enc_sd_data.data; - ed.encryptedContentInfo.encryptedContent->length = enc_sd_data.length; - krb5_data_zero(&enc_sd_data); - - ed.unprotectedAttrs = NULL; - - ASN1_MALLOC_ENCODE(EnvelopedData, buf.data, buf.length, &ed, &size, ret); - if (ret) { - krb5_set_error_string(context, - "ASN.1 encoding of EnvelopedData failed (%d)", - ret); + ret = hx509_cms_envelope_1(kdc_identity->hx509ctx, + client_params->cert, + buf.data, buf.length, NULL, + oid_id_pkcs7_signedData(), &o); + if (ret) goto out; - } - + ret = _krb5_pk_mk_ContentInfo(context, - &buf, + &o, oid_id_pkcs7_envelopedData(), content_info); - krb5_data_free(&buf); + free_octet_string(&o); out: - if (crypto) - krb5_crypto_destroy(context, crypto); - krb5_free_keyblock_contents(context, &tmp_key); - krb5_data_free(&enc_sd_data); - krb5_data_free(&iv); - free_EnvelopedData(&ed); - + krb5_data_free(&buf); return ret; } @@ -1044,37 +756,32 @@ pk_mk_pa_reply_dh(krb5_context context, krb5_keyblock *reply_key, ContentInfo *content_info) { - ASN1_INTEGER *dh_pub_key = NULL; - ContentInfo contentinfo; KDCDHKeyInfo dh_info; + krb5_data signed_data, buf; + ContentInfo contentinfo; krb5_error_code ret; - SignedData sd; - krb5_data buf, signed_data; size_t size; + heim_integer i; memset(&contentinfo, 0, sizeof(contentinfo)); memset(&dh_info, 0, sizeof(dh_info)); - memset(&sd, 0, sizeof(sd)); krb5_data_zero(&buf); krb5_data_zero(&signed_data); - dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL); - if (dh_pub_key == NULL) { - krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)", - ERR_error_string(ERR_get_error(), NULL)); - ret = ENOMEM; - goto out; - } + ret = BN_to_integer(context, kdc_dh->pub_key, &i); + if (ret) + return ret; - OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, buf.data, buf.length, dh_pub_key, - ret); - ASN1_INTEGER_free(dh_pub_key); + ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); if (ret) { - krb5_set_error_string(context, "Encoding of ASN1_INTEGER failed (%s)", - ERR_error_string(ERR_get_error(), NULL)); - goto out; + krb5_set_error_string(context, "ASN.1 encoding of " + "DHPublicKey failed (%d)", ret); + krb5_clear_error_string(context); + return ret; } - + if (buf.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + dh_info.subjectPublicKey.length = buf.length * 8; dh_info.subjectPublicKey.data = buf.data; @@ -1095,12 +802,36 @@ pk_mk_pa_reply_dh(krb5_context context, * filled in above */ - ret = _krb5_pk_create_sign(context, - oid_id_pkdhkeydata(), - &buf, - kdc_identity, - &signed_data); - krb5_data_free(&buf); + { + hx509_cert cert; + hx509_query *q; + + ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + if (ret) + goto out; + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + + ret = hx509_certs_find(kdc_identity->hx509ctx, + kdc_identity->certs, + q, + &cert); + hx509_query_free(kdc_identity->hx509ctx, q); + if (ret) + goto out; + + ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, + oid_id_pkdhkeydata(), + buf.data, + buf.length, + NULL, + cert, + kdc_identity->anchors, + kdc_identity->certpool, + &signed_data); + hx509_cert_free(cert); + } if (ret) goto out; @@ -1112,6 +843,7 @@ pk_mk_pa_reply_dh(krb5_context context, goto out; out: + krb5_data_free(&buf); krb5_data_free(&signed_data); free_KDCDHKeyInfo(&dh_info); @@ -1322,62 +1054,59 @@ _kdc_pk_mk_pa_reply(krb5_context context, static int pk_principal_from_X509(krb5_context context, krb5_kdc_configuration *config, - struct krb5_pk_cert *client_cert, - krb5_principal *principal) + hx509_cert client_cert, + krb5_const_principal match) { - krb5_error_code ret; - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - ASN1_OBJECT *obj; - int i; + hx509_octet_string_list list; + int ret, i, found = 0; - *principal = NULL; + memset(&list, 0 , sizeof(list)); - obj = OBJ_txt2obj("1.3.6.1.5.2.2",1); - - gens = X509_get_ext_d2i(client_cert->cert, NID_subject_alt_name, - NULL, NULL); - if (gens == NULL) - return 1; + ret = hx509_cert_find_subjectAltName_otherName(client_cert, + oid_id_pkinit_san(), + &list); + if (ret) + goto out; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + for (i = 0; !found && i < list.len; i++) { + krb5_principal_data principal; KRB5PrincipalName kn; - size_t len, size; - void *p; - - gen = sk_GENERAL_NAME_value(gens, i); - if (gen->type != GEN_OTHERNAME) - continue; - - if(OBJ_cmp(obj, gen->d.otherName->type_id) != 0) - continue; - - p = ASN1_STRING_data(gen->d.otherName->value->value.sequence); - len = ASN1_STRING_length(gen->d.otherName->value->value.sequence); + size_t size; - ret = decode_KRB5PrincipalName(p, len, &kn, &size); + ret = decode_KRB5PrincipalName(list.val[i].data, + list.val[i].length, + &kn, &size); if (ret) { kdc_log(context, config, 0, "Decoding kerberos name in certificate failed: %s", krb5_get_err_text(context, ret)); - continue; + break; } - - *principal = malloc(sizeof(**principal)); - if (*principal == NULL) { - free_KRB5PrincipalName(&kn); - return 1; + if (size != list.val[i].length) { + kdc_log(context, config, 0, + "Decoding kerberos name have extra bits on the end"); + return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; } - (*principal)->name = kn.principalName; - (*principal)->realm = kn.realm; - return 0; + principal.name = kn.principalName; + principal.realm = kn.realm; + + if (krb5_principal_compare(context, &principal, match) == TRUE) + found = 1; + free_KRB5PrincipalName(&kn); } - return 1; -} +out: + hx509_free_octet_string_list(&list); + if (ret) + return ret; + + if (!found) + return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + + return 0; +} -/* XXX match with issuer too ? */ krb5_error_code _kdc_pk_check_client(krb5_context context, @@ -1387,45 +1116,34 @@ _kdc_pk_check_client(krb5_context context, pk_client_params *client_params, char **subject_name) { - struct krb5_pk_cert *client_cert = client_params->certificate; - krb5_principal cert_princ; - X509_NAME *name; - char *subject = NULL; krb5_error_code ret; - krb5_boolean b; + hx509_name name; int i; - *subject_name = NULL; - - name = X509_get_subject_name(client_cert->cert); - if (name == NULL) { - krb5_set_error_string(context, "PKINIT can't get subject name"); - return ENOMEM; - } - subject = X509_NAME_oneline(name, NULL, 0); - if (subject == NULL) { - krb5_set_error_string(context, "PKINIT can't get subject name"); - return ENOMEM; - } - *subject_name = strdup(subject); - if (*subject_name == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } - OPENSSL_free(subject); - if (config->enable_pkinit_princ_in_cert) { ret = pk_principal_from_X509(context, config, - client_cert, &cert_princ); - if (ret == 0) { - b = krb5_principal_compare(context, client_princ, cert_princ); - krb5_free_principal(context, cert_princ); - if (b == TRUE) - return 0; - } + client_params->cert, + client_princ); + if (ret == 0) + return 0; } + ret = hx509_cert_get_subject(client_params->cert, &name); + if (ret) + return ret; + + ret = hx509_name_to_string(name, subject_name); + hx509_name_free(&name); + if (ret) + return ret; + + kdc_log(context, config, 5, + "Trying to authorize subject DN %s", + *subject_name); + for (i = 0; i < principal_mappings.len; i++) { + krb5_boolean b; + b = krb5_principal_compare(context, client_princ, principal_mappings.val[i].principal); @@ -1436,6 +1154,7 @@ _kdc_pk_check_client(krb5_context context, return 0; } free(*subject_name); + *subject_name = NULL; krb5_set_error_string(context, "PKINIT no matching principals"); return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; @@ -1477,7 +1196,9 @@ krb5_error_code _kdc_pk_initialize(krb5_context context, krb5_kdc_configuration *config, const char *user_id, - const char *x509_anchors) + const char *anchors, + char **pool, + char **revoke) { const char *file; krb5_error_code ret; @@ -1495,13 +1216,15 @@ _kdc_pk_initialize(krb5_context context, principal_mappings.len = 0; principal_mappings.val = NULL; - ret = _krb5_pk_load_openssl_id(context, - &kdc_identity, - user_id, - x509_anchors, - NULL, - NULL, - NULL); + ret = _krb5_pk_load_id(context, + &kdc_identity, + user_id, + anchors, + pool, + revoke, + NULL, + NULL, + NULL); if (ret) { krb5_warn(context, ret, "PKINIT: failed to load"); config->enable_pkinit = 0; diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1 index 5c8b71da1a..78873761b6 100644 --- a/source4/heimdal/lib/asn1/CMS.asn1 +++ b/source4/heimdal/lib/asn1/CMS.asn1 @@ -1,5 +1,5 @@ -- From RFC 3369 -- --- $Id: CMS.asn1,v 1.3 2005/07/23 10:37:13 lha Exp $ -- +-- $Id: CMS.asn1,v 1.4 2006/04/15 10:53:25 lha Exp $ -- CMS DEFINITIONS ::= BEGIN @@ -142,7 +142,7 @@ EnvelopedData ::= SEQUENCE { -- Data ::= OCTET STRING CMSRC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion INTEGER, + rc2ParameterVersion INTEGER (0..4294967295), iv OCTET STRING -- exactly 8 octets } diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index 7d012ed6f8..057f571bac 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1,v 1.5 2005/08/11 14:07:21 lha Exp $ -- +-- $Id: canthandle.asn1,v 1.6 2006/01/18 19:12:33 lha Exp $ -- CANTHANDLE DEFINITIONS ::= BEGIN @@ -31,10 +31,4 @@ Bar ::= SEQUENCE { Baz ::= SET OF INTEGER --- Allocation is done on CONTEXT tags. - -Alloc ::= SEQUENCE { - a heim_any OPTIONAL -} - END diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 2a6fecebbb..3d7c3983ac 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.65 2006/03/08 12:29:34 lha Exp $"); +RCSID("$Id: gen.c,v 1.67 2006/03/31 02:52:21 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -62,6 +62,8 @@ add_import (const char *module) tmp->module = module; tmp->next = imports; imports = tmp; + + fprintf (headerfile, "#include <%s_asn1.h>\n", module); } const char * @@ -223,7 +225,6 @@ gen_compare_defval(const char *var, struct value *val) static void generate_header_of_codefile(const char *name) { - struct import *i; char *filename; if (codefile != NULL) @@ -248,10 +249,6 @@ generate_header_of_codefile(const char *name) "#include <krb5-types.h>\n", orig_filename); - for (i = imports; i != NULL; i = i->next) - fprintf (codefile, - "#include <%s_asn1.h>\n", - i->module); fprintf (codefile, "#include <%s.h>\n", headerbase); diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c index 7926541c19..f03d6b856b 100644 --- a/source4/heimdal/lib/asn1/hash.c +++ b/source4/heimdal/lib/asn1/hash.c @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c,v 1.10 2005/07/12 06:27:30 lha Exp $"); +RCSID("$Id: hash.c,v 1.11 2006/04/07 22:16:00 lha Exp $"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ @@ -53,17 +53,16 @@ hashtabnew(int sz, assert(sz > 0); htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *)); + if (htab == NULL) + return NULL; + for (i = 0; i < sz; ++i) htab->tab[i] = NULL; - if (htab == NULL) { - return NULL; - } else { - htab->cmp = cmp; - htab->hash = hash; - htab->sz = sz; - return htab; - } + htab->cmp = cmp; + htab->hash = hash; + htab->sz = sz; + return htab; } /* Intern search function */ diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index aa3e0b806d..e314adee0e 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.46 2005/08/22 19:09:25 lha Exp $ +-- $Id: k5.asn1,v 1.47 2006/03/27 22:52:11 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -56,6 +56,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number) KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) + KRB5-PADATA-PA-PK-OCSP-RESPONSE(18), KRB5-PADATA-ETYPE-INFO2(19), KRB5-PADATA-USE-SPECIFIED-KVNO(20), KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp) diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 3e58650685..b4814f073f 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,85 +1,32 @@ +/* A lexical scanner generated by flex*/ -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 31 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ -/* begin standard C headers. */ #include <stdio.h> -#include <string.h> -#include <errno.h> -#include <stdlib.h> - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */ +#include <unistd.h> -#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L -#include <inttypes.h> -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include <stdlib.h> + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include <io.h> +#include <stdlib.h> +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -112,71 +76,80 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) + +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -213,16 +186,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -236,33 +205,23 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ @@ -275,92 +234,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yyrestart YY_PROTO(( FILE *input_file )); -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[568] = +static yyconst short int yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -426,7 +359,7 @@ static yyconst flex_int16_t yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -458,7 +391,7 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[70] = +static yyconst int yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -469,7 +402,7 @@ static yyconst flex_int32_t yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst flex_int16_t yy_base[570] = +static yyconst short int yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -535,7 +468,7 @@ static yyconst flex_int16_t yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst flex_int16_t yy_def[570] = +static yyconst short int yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -601,7 +534,7 @@ static yyconst flex_int16_t yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst flex_int16_t yy_nxt[707] = +static yyconst short int yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -683,7 +616,7 @@ static yyconst flex_int16_t yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst flex_int16_t yy_chk[707] = +static yyconst short int yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -768,9 +701,6 @@ static yyconst flex_int16_t yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -780,6 +710,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -838,21 +769,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); -#line 842 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include <unistd.h> -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif +#line 773 "lex.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -860,30 +777,65 @@ static void unterminated(const char *, unsigned); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); #endif #endif - static void yyunput (int c,char *buf_ptr ); - +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); #else -static int input (void ); +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); #endif +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include <stdlib.h> +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -892,6 +844,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -904,10 +857,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -917,22 +869,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -953,18 +892,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -981,28 +914,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - + #line 62 "lex.l" -#line 995 "lex.yy.c" +#line 926 "lex.c" - if ( (yy_init) ) + if ( yy_init ) { - (yy_init) = 0; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -1010,36 +941,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1056,22 +985,24 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: @@ -1635,7 +1566,6 @@ YY_RULE_SETUP ; YY_BREAK case 91: -/* rule 91 can match eol */ YY_RULE_SETUP #line 264 "lex.l" { ++lineno; } @@ -1660,33 +1590,33 @@ YY_RULE_SETUP #line 268 "lex.l" ECHO; YY_BREAK -#line 1664 "lex.yy.c" +#line 1594 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1696,13 +1626,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1715,30 +1645,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1749,7 +1679,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1757,30 +1687,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1791,7 +1721,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -1800,20 +1731,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1833,30 +1765,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1869,7 +1805,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1879,35 +1816,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1915,31 +1852,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1951,23 +1889,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1979,73 +1924,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2059,16 +2012,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2078,92 +2031,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2172,75 +2123,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -2257,121 +2208,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2385,42 +2244,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yy_str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) -{ - - return yy_scan_bytes(yy_str,strlen(yy_str) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; - buf = (char *) yyalloc(n ); + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -2429,7 +2293,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2439,164 +2303,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) b->yy_is_our_buffer = 1; return b; -} + } +#endif -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; #endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/* Redefine yyless() so it works in section 3 code. */ + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/* Accessor methods (get/set functions) to struct members. */ + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + BEGIN(new_state); + } +#endif -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Get the current token. - * - */ + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } -int yyget_debug (void) -{ - return yy_flex_debug; -} -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } +/* Redefine yyless() so it works in section 3 code. */ - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; - for ( i = 0; i < n; ++i ) + for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; - for ( n = 0; s[n]; ++n ) + for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2605,31 +2453,28 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#undef YY_NEW_FILE -#undef YY_FLUSH_BUFFER -#undef yy_set_bol -#undef yy_new_buffer -#undef yy_set_interactive -#undef yytext_ptr -#undef YY_DO_BEFORE_ACTION +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } -#ifdef YY_DECL_IS_OURS -#undef YY_DECL_IS_OURS -#undef YY_DECL +#if YY_MAIN +int main() + { + yylex(); + return 0; + } #endif #line 268 "lex.l" - #ifndef yywrap /* XXX */ int yywrap () @@ -2655,4 +2500,3 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 420a1bc5c5..0bf3cdafdb 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -36,9 +36,6 @@ /* Identify Bison output. */ #define YYBISON 1 -/* Bison version. */ -#define YYBISON_VERSION "2.1" - /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -145,7 +142,6 @@ NUMBER = 344 }; #endif -/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -270,7 +266,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 0 +# define YYDEBUG 1 #endif /* Enabling verbose error messages. */ @@ -281,11 +277,6 @@ struct string_list { # define YYERROR_VERBOSE 0 #endif -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) #line 65 "parse.y" typedef union YYSTYPE { @@ -302,8 +293,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 196 of yacc.c. */ -#line 307 "$base.c" +/* Line 190 of yacc.c. */ +#line 298 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -314,36 +305,17 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 219 of yacc.c. */ -#line 319 "$base.c" +/* Line 213 of yacc.c. */ +#line 310 "parse.c" -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ -#endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t -#endif -#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) -# include <stddef.h> /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -#endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int -#endif +#if ! defined (yyoverflow) || YYERROR_VERBOSE -#ifndef YY_ -# if YYENABLE_NLS -# if ENABLE_NLS -# include <libintl.h> /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) -# endif +# ifndef YYFREE +# define YYFREE free # endif -# ifndef YY_ -# define YY_(msgid) msgid +# ifndef YYMALLOC +# define YYMALLOC malloc # endif -#endif - -#if ! defined (yyoverflow) || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -353,10 +325,6 @@ typedef union YYSTYPE { # define YYSTACK_ALLOC __builtin_alloca # else # define YYSTACK_ALLOC alloca -# if defined (__STDC__) || defined (__cplusplus) -# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ -# define YYINCLUDED_STDLIB_H -# endif # endif # endif # endif @@ -364,39 +332,13 @@ typedef union YYSTYPE { # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ -# endif # else +# if defined (__STDC__) || defined (__cplusplus) +# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) -# endif -# ifdef __cplusplus -extern "C" { -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifdef __cplusplus -} -# endif # endif #endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ @@ -431,7 +373,7 @@ union yyalloc # define YYCOPY(To, From, Count) \ do \ { \ - YYSIZE_T yyi; \ + register YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ @@ -481,7 +423,7 @@ union yyalloc #define YYUNDEFTOK 2 #define YYMAXUTOK 344 -#define YYTRANSLATE(YYX) \ +#define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ @@ -606,8 +548,8 @@ static const unsigned short int yyrline[] = }; #endif -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. +#if YYDEBUG || YYERROR_VERBOSE +/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { @@ -862,6 +804,22 @@ static const unsigned char yystos[] = 154 }; +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# if defined (__STDC__) || defined (__cplusplus) +# include <stddef.h> /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int +#endif + #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) @@ -891,8 +849,8 @@ do \ goto yybackup; \ } \ else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ + { \ + yyerror ("syntax error: cannot back up");\ YYERROR; \ } \ while (0) @@ -971,7 +929,7 @@ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ + yysymprint (stderr, \ Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ @@ -1019,13 +977,13 @@ yy_reduce_print (yyrule) #endif { int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", + unsigned int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", yyrule - 1, yylno); /* Print the symbols being reduced, and their result. */ for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); + YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); } # define YY_REDUCE_PRINT(Rule) \ @@ -1054,7 +1012,7 @@ int yydebug; if the built-in stack extension method is used). Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH @@ -1078,7 +1036,7 @@ yystrlen (yystr) const char *yystr; # endif { - const char *yys = yystr; + register const char *yys = yystr; while (*yys++ != '\0') continue; @@ -1103,8 +1061,8 @@ yystpcpy (yydest, yysrc) const char *yysrc; # endif { - char *yyd = yydest; - const char *yys = yysrc; + register char *yyd = yydest; + register const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; @@ -1114,55 +1072,7 @@ yystpcpy (yydest, yysrc) # endif # endif -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) -{ - if (*yystr == '"') - { - size_t yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; -} -# endif - -#endif /* YYERROR_VERBOSE */ +#endif /* !YYERROR_VERBOSE */ @@ -1282,13 +1192,13 @@ yyparse (void) #else int yyparse () - ; + #endif #endif { - int yystate; - int yyn; + register int yystate; + register int yyn; int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; @@ -1306,12 +1216,12 @@ yyparse () /* The state stack. */ short int yyssa[YYINITDEPTH]; short int *yyss = yyssa; - short int *yyssp; + register short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; - YYSTYPE *yyvsp; + register YYSTYPE *yyvsp; @@ -1343,6 +1253,9 @@ yyparse () yyssp = yyss; yyvsp = yyvs; + + yyvsp[0] = yylval; + goto yysetstate; /*------------------------------------------------------------. @@ -1375,7 +1288,7 @@ yyparse () data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), + yyoverflow ("parser stack overflow", &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), @@ -1386,11 +1299,11 @@ yyparse () } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; + goto yyoverflowlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + goto yyoverflowlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; @@ -1400,7 +1313,7 @@ yyparse () union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) - goto yyexhaustedlab; + goto yyoverflowlab; YYSTACK_RELOCATE (yyss); YYSTACK_RELOCATE (yyvs); @@ -2230,11 +2143,10 @@ yyreduce: break; - default: break; } -/* Line 1126 of yacc.c. */ -#line 2238 "$base.c" +/* Line 1037 of yacc.c. */ +#line 2150 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2273,36 +2185,12 @@ yyerrlab: if (YYPACT_NINF < yyn && yyn < YYLAST) { + YYSIZE_T yysize = 0; int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - char *yymsg = 0; -# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + const char* yyprefix; + char *yymsg; int yyx; -#if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. */ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -#endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; - /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; @@ -2310,68 +2198,48 @@ yyerrlab: /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; - - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); + int yycount = 0; + yyprefix = ", expecting "; for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); + yycount += 1; + if (yycount == 5) { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; + yysize = 0; break; } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - - if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg) + yysize += (sizeof ("syntax error, unexpected ") + + yystrlen (yytname[yytype])); + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg != 0) { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - char *yyp = yymsg; - int yyi = 0; - while ((*yyp = *yyf)) + char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); + yyp = yystpcpy (yyp, yytname[yytype]); + + if (yycount < 5) { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + yyp = yystpcpy (yyp, yyprefix); + yyp = yystpcpy (yyp, yytname[yyx]); + yyprefix = " or "; + } } yyerror (yymsg); YYSTACK_FREE (yymsg); } else - { - yyerror (YY_("syntax error")); - goto yyexhaustedlab; - } + yyerror ("syntax error; also virtual memory exhausted"); } else #endif /* YYERROR_VERBOSE */ - yyerror (YY_("syntax error")); + yyerror ("syntax error"); } @@ -2383,9 +2251,18 @@ yyerrlab: if (yychar <= YYEOF) { - /* Return failure if at end of input. */ + /* If at end of input, pop the error token, + then the rest of the stack, then return failure. */ if (yychar == YYEOF) - YYABORT; + for (;;) + { + + YYPOPSTACK; + if (yyssp == yyss) + YYABORT; + yydestruct ("Error: popping", + yystos[*yyssp], yyvsp); + } } else { @@ -2404,11 +2281,12 @@ yyerrlab: `---------------------------------------------------*/ yyerrorlab: - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ +#ifdef __GNUC__ + /* Pacify GCC when the user code never invokes YYERROR and the label + yyerrorlab therefore never appears in user code. */ if (0) goto yyerrorlab; +#endif yyvsp -= yylen; yyssp -= yylen; @@ -2471,29 +2349,23 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: + yydestruct ("Error: discarding lookahead", + yytoken, &yylval); + yychar = YYEMPTY; yyresult = 1; goto yyreturn; #ifndef yyoverflow -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); +/*----------------------------------------------. +| yyoverflowlab -- parser overflow comes here. | +`----------------------------------------------*/ +yyoverflowlab: + yyerror ("parser stack overflow"); yyresult = 2; /* Fall through. */ #endif yyreturn: - if (yychar != YYEOF && yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - while (yyssp != yyss) - { - yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); - YYPOPSTACK; - } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index df4587501e..5cc1342618 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -118,7 +118,6 @@ NUMBER = 344 }; #endif -/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -226,8 +225,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 1447 of yacc.c. */ -#line 231 "parse.h" +/* Line 1318 of yacc.c. */ +#line 230 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index 0010c8481e..22fcc0b003 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -1,9 +1,11 @@ --- $Id: test.asn1,v 1.5 2005/07/21 20:48:27 lha Exp $ -- +-- $Id: test.asn1,v 1.8 2006/01/31 09:42:04 lha Exp $ -- TEST DEFINITIONS ::= BEGIN +IMPORTS heim_any FROM heim; + TESTLargeTag ::= SEQUENCE { foo[127] INTEGER (-2147483648..2147483647) } @@ -45,4 +47,40 @@ TESTImplicit2 ::= SEQUENCE { ti3[2] IMPLICIT TESTInteger3 } +TESTAllocInner ::= SEQUENCE { + ai[0] TESTInteger +} + +TESTAlloc ::= SEQUENCE { + tagless TESTAllocInner OPTIONAL, + three [1] INTEGER (-2147483648..2147483647), + tagless2 heim_any OPTIONAL +} + + +TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER ) +TESTENCODEDBY ::= OCTET STRING ( ENCODED BY + { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } +) + +TESTDer OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) +} + +TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY + { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } +) + +TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( + CONTAINING INTEGER ENCODED BY TESTDer +) + + +TESTValue1 INTEGER ::= 1 + +TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- }) +-- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger }) +-- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER }) +-- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 }) + END diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index f19c1b26f3..925615f244 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,85 +1,32 @@ - -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - /* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ + #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 31 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ #include <stdio.h> -#include <string.h> -#include <errno.h> -#include <stdlib.h> - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */ +#include <unistd.h> -#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L -#include <inttypes.h> -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include <stdlib.h> + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include <io.h> +#include <stdlib.h> +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -112,71 +76,71 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -213,16 +177,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -236,33 +196,23 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ @@ -275,92 +225,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); +void yyrestart YY_PROTO(( FILE *input_file )); -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 16 #define YY_END_OF_BUFFER 17 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[46] = +static yyconst short int yy_accept[46] = { 0, 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, @@ -369,7 +293,7 @@ static yyconst flex_int16_t yy_accept[46] = 14, 4, 14, 2, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -401,14 +325,14 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[23] = +static yyconst int yy_meta[23] = { 0, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 } ; -static yyconst flex_int16_t yy_base[48] = +static yyconst short int yy_base[48] = { 0, 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, @@ -417,7 +341,7 @@ static yyconst flex_int16_t yy_base[48] = 12, 0, 14, 0, 57, 34, 23 } ; -static yyconst flex_int16_t yy_def[48] = +static yyconst short int yy_def[48] = { 0, 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, @@ -426,7 +350,7 @@ static yyconst flex_int16_t yy_def[48] = 47, 47, 47, 47, 0, 45, 45 } ; -static yyconst flex_int16_t yy_nxt[80] = +static yyconst short int yy_nxt[80] = { 0, 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, @@ -438,7 +362,7 @@ static yyconst flex_int16_t yy_nxt[80] = 45, 45, 45, 45, 45, 45, 45, 45, 45 } ; -static yyconst flex_int16_t yy_chk[80] = +static yyconst short int yy_chk[80] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -453,9 +377,6 @@ static yyconst flex_int16_t yy_chk[80] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -465,6 +386,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -520,21 +442,7 @@ static int getstring(void); #undef ECHO -#line 524 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include <unistd.h> -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif +#line 446 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -542,30 +450,65 @@ static int getstring(void); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); +#endif #endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); #else -static int input (void ); +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); #endif +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include <stdlib.h> +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -574,6 +517,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -586,10 +530,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -599,22 +542,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -635,18 +565,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -663,28 +587,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - + #line 59 "lex.l" -#line 677 "lex.yy.c" +#line 599 "lex.yy.c" - if ( (yy_init) ) + if ( yy_init ) { - (yy_init) = 0; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -692,36 +614,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -738,22 +658,24 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: @@ -812,7 +734,6 @@ YY_RULE_SETUP ; YY_BREAK case 12: -/* rule 12 can match eol */ YY_RULE_SETUP #line 71 "lex.l" { lineno++; } @@ -837,33 +758,33 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 841 "lex.yy.c" +#line 762 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -873,13 +794,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -892,30 +813,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -926,7 +847,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -934,30 +855,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -968,7 +889,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -977,20 +899,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1010,30 +933,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1046,7 +973,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1056,35 +984,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1092,31 +1020,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1128,23 +1057,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1156,73 +1092,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 45); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1236,16 +1180,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1255,92 +1199,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1349,75 +1291,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -1434,121 +1376,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1562,42 +1412,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yy_str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) -{ - - return yy_scan_bytes(yy_str,strlen(yy_str) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; - buf = (char *) yyalloc(n ); + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -1606,7 +1461,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1616,164 +1471,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) b->yy_is_our_buffer = 1; return b; -} + } +#endif -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; #endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/* Redefine yyless() so it works in section 3 code. */ + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/* Accessor methods (get/set functions) to struct members. */ + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + BEGIN(new_state); + } +#endif -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Get the current token. - * - */ + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } -int yyget_debug (void) -{ - return yy_flex_debug; -} -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } +/* Redefine yyless() so it works in section 3 code. */ - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; - for ( i = 0; i < n; ++i ) + for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; - for ( n = 0; s[n]; ++n ) + for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1782,31 +1621,28 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#undef YY_NEW_FILE -#undef YY_FLUSH_BUFFER -#undef yy_set_bol -#undef yy_new_buffer -#undef yy_set_interactive -#undef yytext_ptr -#undef YY_DO_BEFORE_ACTION +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } -#ifdef YY_DECL_IS_OURS -#undef YY_DECL_IS_OURS -#undef YY_DECL +#if YY_MAIN +int main() + { + yylex(); + return 0; + } #endif #line 75 "lex.l" - #ifndef yywrap /* XXX */ int yywrap () @@ -1859,4 +1695,3 @@ error_message (const char *format, ...) va_end (args); numerror++; } - diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c index b6bb55a9ba..32d479e372 100644 --- a/source4/heimdal/lib/des/des.c +++ b/source4/heimdal/lib/des/des.c @@ -45,13 +45,14 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $"); +RCSID("$Id: des.c,v 1.17 2006/04/14 14:19:36 lha Exp $"); #endif #include <stdio.h> #include <stdlib.h> #include <string.h> #include <krb5-types.h> +#include <assert.h> #include "des.h" #include "ui.h" @@ -514,6 +515,7 @@ DES_cfb64_encrypt(const void *in, void *out, if (forward_encrypt) { int i = *num; + assert(i >= 0); while (length > 0) { if (i == 0) @@ -535,6 +537,7 @@ DES_cfb64_encrypt(const void *in, void *out, } else { int i = *num; unsigned char c; + assert(i >= 0); while (length > 0) { if (i == 0) { diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h index cbea876521..419c7d8902 100644 --- a/source4/heimdal/lib/des/dh.h +++ b/source4/heimdal/lib/des/dh.h @@ -32,7 +32,7 @@ */ /* - * $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $ + * $Id: dh.h,v 1.5 2006/04/20 18:16:17 lha Exp $ */ #ifndef _HEIM_DH_H @@ -52,7 +52,7 @@ #define DH_set_ex_data hc_DH_set_ex_data #define DH_get_ex_data hc_DH_get_ex_data #define DH_generate_parameters_ex hc_DH_generate_parameters_ex -#define DH_check hc_DH_check +#define DH_check_pubkey hc_DH_check_pubkey #define DH_generate_key hc_DH_generate_key #define DH_compute_key hc_DH_compute_key diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h index 70c0a7688c..757d0f75fb 100644 --- a/source4/heimdal/lib/des/engine.h +++ b/source4/heimdal/lib/des/engine.h @@ -32,7 +32,7 @@ */ /* - * $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $ + * $Id: engine.h,v 1.5 2006/04/17 13:16:17 lha Exp $ */ #ifndef _HEIM_ENGINE_H @@ -45,6 +45,7 @@ #define ENGINE_finish hc_ENGINE_finish #define ENGINE_get_DH hc_ENGINE_get_DH #define ENGINE_get_RSA hc_ENGINE_get_RSA +#define ENGINE_get_RAND hc_ENGINE_get_RAND #define ENGINE_get_id hc_ENGINE_get_id #define ENGINE_get_name hc_ENGINE_get_name #define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines @@ -64,6 +65,7 @@ typedef struct hc_engine ENGINE; #include <hcrypto/rsa.h> #include <hcrypto/dsa.h> #include <hcrypto/dh.h> +#include <hcrypto/rand.h> #define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000 @@ -86,6 +88,7 @@ const char * ENGINE_get_id(const ENGINE *); const char * ENGINE_get_name(const ENGINE *); const RSA_METHOD * ENGINE_get_RSA(const ENGINE *); const DH_METHOD * ENGINE_get_DH(const ENGINE *); +const RAND_METHOD * ENGINE_get_RAND(const ENGINE *); int ENGINE_set_default_RSA(ENGINE *); ENGINE * ENGINE_get_default_RSA(void); diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c index 3f89a49bcc..475bb7314e 100644 --- a/source4/heimdal/lib/des/evp.c +++ b/source4/heimdal/lib/des/evp.c @@ -151,6 +151,22 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, * */ +static const struct hc_evp_md sha256 = { + 32, + 64, + sizeof(SHA256_CTX), + (void *)SHA256_Init, + (void *)SHA256_Update, + (void *)SHA256_Final, + NULL +}; + +const EVP_MD * +EVP_sha256(void) +{ + return &sha256; +} + static const struct hc_evp_md sha1 = { 20, 64, @@ -543,6 +559,27 @@ EVP_rc2_40_cbc(void) return &rc2_40_cbc; } +const EVP_CIPHER * +EVP_rc2_64_cbc(void) +{ + static const EVP_CIPHER rc2_64_cbc = { + 0, + RC2_BLOCK_SIZE, + 8, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_64_cbc; +} + /* * */ @@ -726,3 +763,116 @@ EVP_aes_256_cbc(void) }; return &aes_256_cbc; } + +/* + * + */ + +static const struct cipher_name { + const char *name; + const EVP_CIPHER *(*func)(void); +} cipher_name[] = { + { "des-ede3-cbc", EVP_des_ede3_cbc }, + { "aes-128-cbc", EVP_aes_128_cbc }, + { "aes-192-cbc", EVP_aes_192_cbc }, + { "aes-256-cbc", EVP_aes_256_cbc } +}; + + +const EVP_CIPHER * +EVP_get_cipherbyname(const char *name) +{ + int i; + for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { + if (strcasecmp(cipher_name[i].name, name) == 0) + return (*cipher_name[i].func)(); + } + return NULL; +} + + +/* + * + */ + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +int +EVP_BytesToKey(const EVP_CIPHER *type, + const EVP_MD *md, + const void *salt, + const void *data, size_t datalen, + unsigned int count, + void *keydata, + void *ivdata) +{ + int ivlen, keylen, first = 0; + unsigned int mds = 0, i; + unsigned char *key = keydata; + unsigned char *iv = ivdata; + unsigned char *buf; + EVP_MD_CTX c; + + keylen = EVP_CIPHER_key_length(type); + ivlen = EVP_CIPHER_iv_length(type); + + if (data == NULL) + return keylen; + + buf = malloc(EVP_MD_size(md)); + if (buf == NULL) + return -1; + + EVP_MD_CTX_init(&c); + + first = 1; + while (1) { + EVP_DigestInit_ex(&c, md, NULL); + if (!first) + EVP_DigestUpdate(&c, buf, mds); + first = 0; + EVP_DigestUpdate(&c,data,datalen); + +#define PKCS5_SALT_LEN 8 + + if (salt) + EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); + + EVP_DigestFinal_ex(&c, buf, &mds); + + for (i = 1; i < count; i++) { + EVP_DigestInit_ex(&c, md, NULL); + EVP_DigestUpdate(&c, buf, mds); + EVP_DigestFinal_ex(&c, buf, &mds); + } + + i = 0; + if (keylen) { + size_t sz = min(keylen, mds); + if (key) { + memcpy(key, buf, sz); + key += sz; + } + keylen -= sz; + i += sz; + } + if (ivlen && mds > i) { + size_t sz = min(ivlen, (mds - i)); + if (iv) { + memcpy(iv, &buf[i], sz); + iv += sz; + } + ivlen -= sz; + } + if (keylen == 0 && ivlen == 0) + break; + } + + EVP_MD_CTX_cleanup(&c); + free(buf); + + return EVP_CIPHER_key_length(type); +} + diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h index a04f17aabf..17d6d5fd41 100644 --- a/source4/heimdal/lib/des/evp.h +++ b/source4/heimdal/lib/des/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */ +/* $Id: evp.h,v 1.8 2006/04/21 15:00:54 lha Exp $ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -79,12 +79,16 @@ #define EVP_md5 hc_EVP_md5 #define EVP_md_null hc_EVP_md_null #define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc +#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc #define EVP_rc2_cbc hc_EVP_rc2_cbc #define EVP_rc4 hc_EVP_rc4 #define EVP_rc4_40 hc_EVP_rc4_40 #define EVP_sha hc_EVP_sha #define EVP_sha1 hc_EVP_sha1 +#define EVP_sha256 hc_EVP_sha256 #define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 +#define EVP_BytesToKey hc_EVP_BytesToKey +#define EVP_get_cipherbyname hc_EVP_get_cipherbyname /* * @@ -161,6 +165,7 @@ const EVP_MD *EVP_md4(void); const EVP_MD *EVP_md5(void); const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); @@ -168,6 +173,7 @@ const EVP_CIPHER * EVP_aes_256_cbc(void); const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); const EVP_CIPHER * EVP_rc2_40_cbc(void); +const EVP_CIPHER * EVP_rc2_64_cbc(void); const EVP_CIPHER * EVP_rc2_cbc(void); const EVP_CIPHER * EVP_rc4(void); const EVP_CIPHER * EVP_rc4_40(void); @@ -199,6 +205,9 @@ int EVP_Digest(const void *, size_t, void *, unsigned int *, * */ +const EVP_CIPHER * + EVP_get_cipherbyname(const char *); + size_t EVP_CIPHER_block_size(const EVP_CIPHER *); size_t EVP_CIPHER_key_length(const EVP_CIPHER *); size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); @@ -227,5 +236,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, unsigned long, size_t, void *); +int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *, + const void *, const void *, size_t, + unsigned int, void *, void *); + #endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h index 514fe0ced4..a57da53928 100644 --- a/source4/heimdal/lib/des/rand.h +++ b/source4/heimdal/lib/des/rand.h @@ -1,3 +1,4 @@ + /* * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). @@ -32,23 +33,64 @@ */ /* - * $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + * $Id: rand.h,v 1.4 2006/04/17 13:23:04 lha Exp $ */ #ifndef _HEIM_RAND_H #define _HEIM_RAND_H 1 +typedef struct RAND_METHOD RAND_METHOD; + #include <hcrypto/bn.h> +#include <hcrypto/engine.h> /* symbol renaming */ #define RAND_bytes hc_RAND_bytes #define RAND_pseudo_bytes hc_RAND_pseudo_bytes +#define RAND_seed hc_RAND_seed +#define RAND_cleanup hc_RAND_cleanup +#define RAND_add hc_RAND_add +#define RAND_set_rand_method hc_RAND_set_rand_method +#define RAND_get_rand_method hc_RAND_get_rand_method +#define RAND_set_rand_engine hc_RAND_set_rand_engine +#define RAND_load_file hc_RAND_load_file +#define RAND_write_file hc_RAND_write_file +#define RAND_status hc_RAND_status +#define RAND_egd hc_RAND_egd + +/* + * + */ + +struct RAND_METHOD +{ + void (*seed)(const void *, int); + int (*bytes)(unsigned char *, int); + void (*cleanup)(void); + void (*add)(const void *, int, double); + int (*pseudorand)(unsigned char *, int); + int (*status)(void); +}; /* * */ -int RAND_bytes(void *, size_t num); -int RAND_pseudo_bytes(void *, size_t); +int RAND_bytes(void *, size_t num); +int RAND_pseudo_bytes(void *, size_t); +void RAND_seed(const void *, size_t); +void RAND_cleanup(void); +void RAND_add(const void *, size_t, double); + +int RAND_set_rand_method(const RAND_METHOD *); +const RAND_METHOD * + RAND_get_rand_method(void); +int RAND_set_rand_engine(ENGINE *); + +int RAND_load_file(const char *, size_t); +int RAND_write_file(const char *); +int RAND_status(void); +int RAND_egd(const char *); + #endif /* _HEIM_RAND_H */ diff --git a/source4/heimdal/lib/des/rc2.c b/source4/heimdal/lib/des/rc2.c index 4b4b53d52c..ed43c70605 100755 --- a/source4/heimdal/lib/des/rc2.c +++ b/source4/heimdal/lib/des/rc2.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: rc2.c,v 1.6 2005/06/18 22:47:33 lha Exp $"); +RCSID("$Id: rc2.c,v 1.7 2006/04/09 17:03:21 lha Exp $"); #endif #include "rc2.h" @@ -87,6 +87,8 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) unsigned char k[128]; int j, T8, TM; + if (len <= 0) + abort(); if (len > 128) len = 128; if (bits <= 0 || bits > 1024) diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h index da9d2ea4b1..ea1dba27d8 100644 --- a/source4/heimdal/lib/des/rsa.h +++ b/source4/heimdal/lib/des/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + * $Id: rsa.h,v 1.4 2006/04/16 19:38:23 lha Exp $ */ #ifndef _HEIM_RSA_H @@ -59,6 +59,7 @@ #define RSA_sign hc_RSA_sign #define RSA_verify hc_RSA_verify #define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey +#define i2d_RSAPublicKey hc_i2d_RSAPublicKey /* * @@ -160,5 +161,6 @@ int RSA_verify(int, const unsigned char *, unsigned int, unsigned char *, unsigned int, RSA *); RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); +int i2d_RSAPublicKey(RSA *, unsigned char **); #endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h index 4657fad51f..6021823f5c 100644 --- a/source4/heimdal/lib/des/sha.h +++ b/source4/heimdal/lib/des/sha.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */ +/* $Id: sha.h,v 1.10 2006/04/15 07:54:11 lha Exp $ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 @@ -40,9 +40,12 @@ #define SHA1_Init hc_SHA1_Init #define SHA1_Update hc_SHA1_Update #define SHA1_Final hc_SHA1_Final +#define SHA256_Init hc_SHA256_Init +#define SHA256_Update hc_SHA256_Update +#define SHA256_Final hc_SHA256_Final /* - * + * SHA-1 */ #define SHA_DIGEST_LENGTH 20 @@ -59,4 +62,22 @@ void SHA1_Init (struct sha *m); void SHA1_Update (struct sha *m, const void *v, size_t len); void SHA1_Final (void *res, struct sha *m); +/* + * SHA-2 256 + */ + +#define SHA256_DIGEST_LENGTH 32 + +struct hc_sha256state { + unsigned int sz[2]; + u_int32_t counter[8]; + unsigned char save[64]; +}; + +typedef struct hc_sha256state SHA256_CTX; + +void SHA256_Init (SHA256_CTX *); +void SHA256_Update (SHA256_CTX *, const void *, size_t); +void SHA256_Final (void *, SHA256_CTX *); + #endif /* HEIM_SHA_H */ diff --git a/source4/heimdal/lib/des/sha256.c b/source4/heimdal/lib/des/sha256.c new file mode 100644 index 0000000000..8c12ce504c --- /dev/null +++ b/source4/heimdal/lib/des/sha256.c @@ -0,0 +1,233 @@ +/* + * Copyright (c) 1995 - 2001, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: sha256.c,v 1.1 2006/04/15 07:53:07 lha Exp $"); +#endif + +#include "hash.h" +#include "sha.h" + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n)))) + +#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10)) + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define F m->counter[5] +#define G m->counter[6] +#define H m->counter[7] + +static const u_int32_t constant_256[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +void +SHA256_Init (SHA256_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x6a09e667; + B = 0xbb67ae85; + C = 0x3c6ef372; + D = 0xa54ff53a; + E = 0x510e527f; + F = 0x9b05688c; + G = 0x1f83d9ab; + H = 0x5be0cd19; +} + +static void +calc (SHA256_CTX *m, u_int32_t *in) +{ + u_int32_t AA, BB, CC, DD, EE, FF, GG, HH; + u_int32_t data[64]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + FF = F; + GG = G; + HH = H; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 64; ++i) + data[i] = sigma1(data[i-2]) + data[i-7] + + sigma0(data[i-15]) + data[i - 16]; + + for (i = 0; i < 64; i++) { + u_int32_t T1, T2; + + T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; + T2 = Sigma0(AA) + Maj(AA,BB,CC); + + HH = GG; + GG = FF; + FF = EE; + EE = DD + T1; + DD = CC; + CC = BB; + BB = AA; + AA = T1 + T2; + } + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; + F += FF; + G += GG; + H += HH; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu> + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline u_int32_t +swap_u_int32_t (u_int32_t t) +{ +#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) + u_int32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA256_Update (SHA256_CTX *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + u_int32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_u_int32_t(u[i].a); + current[2*i+1] = swap_u_int32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (u_int32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA256_Final (void *res, SHA256_CTX *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA256_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 8; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +} diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index ebb8ee2304..9ca60a6cdd 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -77,7 +77,6 @@ gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx) { krb5_keyblock *key; int acceptor = (context_handle->more_flags & LOCAL) == 0; - *is_cfx = 0; if (acceptor) { if (context_handle->auth_context->local_subkey) diff --git a/source4/heimdal/lib/gssapi/get_mic.c b/source4/heimdal/lib/gssapi/get_mic.c index 1c950e95d9..fc9e9aa1a9 100644 --- a/source4/heimdal/lib/gssapi/get_mic.c +++ b/source4/heimdal/lib/gssapi/get_mic.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: get_mic.c,v 1.29 2005/01/05 02:52:12 lukeh Exp $"); +RCSID("$Id: get_mic.c,v 1.30 2006/04/02 02:12:52 lha Exp $"); static OM_uint32 mic_des @@ -59,6 +59,7 @@ mic_des message_token->length = total_len; message_token->value = malloc (total_len); if (message_token->value == NULL) { + message_token->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -150,6 +151,7 @@ mic_des3 message_token->length = total_len; message_token->value = malloc (total_len); if (message_token->value == NULL) { + message_token->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -179,6 +181,8 @@ mic_des3 kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; free (tmp); gssapi_krb5_set_error_string (); *minor_status = kret; @@ -196,6 +200,8 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; @@ -221,6 +227,8 @@ mic_des3 ETYPE_DES3_CBC_NONE, &crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; @@ -238,6 +246,8 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index bd5d0db2b5..be2277b96f 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.44 2006/04/12 17:44:05 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -290,6 +290,14 @@ _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32); OM_uint32 _gssapi_msg_order_f(OM_uint32); +OM_uint32 +_gssapi_msg_order_import(OM_uint32 *, krb5_storage *, + struct gss_msg_order **); + +krb5_error_code +_gssapi_msg_order_export(krb5_storage *, struct gss_msg_order *); + + /* 8003 */ krb5_error_code diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index be34d8b560..e363ee22f7 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.61 2005/11/02 11:52:49 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.62 2006/04/09 18:45:18 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to diff --git a/source4/heimdal/lib/gssapi/sequence.c b/source4/heimdal/lib/gssapi/sequence.c index 973fc6ad05..2851b0a6c8 100755 --- a/source4/heimdal/lib/gssapi/sequence.c +++ b/source4/heimdal/lib/gssapi/sequence.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: sequence.c,v 1.5 2005/04/27 17:49:43 lha Exp $"); +RCSID("$Id: sequence.c,v 1.6 2006/04/12 17:43:39 lha Exp $"); #define DEFAULT_JITTER_WINDOW 20 @@ -46,6 +46,32 @@ struct gss_msg_order { OM_uint32 elem[1]; }; + +/* + * + */ + +static OM_uint32 +msg_order_alloc(OM_uint32 *minor_status, + struct gss_msg_order **o, + OM_uint32 jitter_window) +{ + size_t len; + + len = jitter_window * sizeof((*o)->elem[0]); + len += sizeof(**o); + len -= sizeof((*o)->elem[0]); + + *o = calloc(1, len); + if (*o == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + /* * */ @@ -58,21 +84,15 @@ _gssapi_msg_order_create(OM_uint32 *minor_status, OM_uint32 jitter_window, int use_64) { - size_t len; + OM_uint32 ret; if (jitter_window == 0) jitter_window = DEFAULT_JITTER_WINDOW; - len = jitter_window * sizeof((*o)->elem[0]); - len += sizeof(**o); - len -= sizeof((*o)->elem[0]); - - *o = malloc(len); - if (*o == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memset(*o, 0, len); + ret = msg_order_alloc(minor_status, o, jitter_window); + if(ret != GSS_S_COMPLETE) + return ret; + (*o)->flags = flags; (*o)->length = 0; (*o)->first_seq = seq_num; @@ -187,3 +207,88 @@ _gssapi_msg_order_f(OM_uint32 flags) { return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG); } + +/* + * Translate `o` into inter-process format and export in to `sp'. + */ + +krb5_error_code +_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o) +{ + krb5_error_code kret; + OM_uint32 i; + + kret = krb5_store_int32(sp, o->flags); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->start); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->length); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->jitter_window); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->first_seq); + if (kret) + return kret; + + for (i = 0; i < o->jitter_window; i++) { + kret = krb5_store_int32(sp, o->elem[i]); + if (kret) + return kret; + } + + return 0; +} + +OM_uint32 +_gssapi_msg_order_import(OM_uint32 *minor_status, + krb5_storage *sp, + struct gss_msg_order **o) +{ + OM_uint32 ret; + krb5_error_code kret; + int32_t i, flags, start, length, jitter_window, first_seq; + + kret = krb5_ret_int32(sp, &flags); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &start); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &length); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &jitter_window); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &first_seq); + if (kret) + goto failed; + + ret = msg_order_alloc(minor_status, o, jitter_window); + if (ret != GSS_S_COMPLETE) + return ret; + + (*o)->flags = flags; + (*o)->start = start; + (*o)->length = length; + (*o)->jitter_window = jitter_window; + (*o)->first_seq = first_seq; + + for( i = 0; i < jitter_window; i++ ) { + kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i])); + if (kret) + goto failed; + } + + *minor_status = 0; + return GSS_S_COMPLETE; + +failed: + _gssapi_msg_order_destroy(o); + *minor_status = kret; + return GSS_S_FAILURE; +} diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index e5be6cf149..0c089067b6 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $"); +RCSID("$Id: wrap.c,v 1.32 2006/04/02 02:10:03 lha Exp $"); OM_uint32 gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, @@ -316,6 +316,7 @@ wrap_des output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -440,6 +441,7 @@ wrap_des3 output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -474,6 +476,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -489,6 +493,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -518,6 +524,8 @@ wrap_des3 &crypto); if (ret) { free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -536,6 +544,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -561,6 +571,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -570,6 +582,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index c5a2efd758..0ca3846f9d 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c,v 1.3 2005/03/17 00:42:05 lha Exp $"); +RCSID("$Id: keys.c,v 1.4 2006/04/02 00:45:48 lha Exp $"); /* * free all the memory used by (len, keys) @@ -298,6 +298,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, &enctypes, &num_enctypes, &salt, principal); if (ret) { krb5_warnx(context, "bad value for default_keys `%s'", *kp); + ret = 0; continue; } @@ -334,6 +335,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, krb5_free_salt(context, salt); } + *ret_key_set = key_set; + out: if (ret) { krb5_warn(context, ret, @@ -348,8 +351,6 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, ret = EINVAL; /* XXX */ } - *ret_key_set = key_set; - return ret; } diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 6fb37842dc..12979eaecf 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c,v 1.8 2005/12/12 12:35:36 lha Exp $"); +RCSID("$Id: keytab.c,v 1.10 2006/04/02 20:20:45 lha Exp $"); struct hdb_data { char *dbname; @@ -76,7 +76,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) if((mkey - db) == 0) { d->dbname = NULL; } else { - d->dbname = malloc(mkey - db); + d->dbname = malloc(mkey - db + 1); if(d->dbname == NULL) { free(d); krb5_set_error_string(context, "malloc: out of memory"); diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 7cf2c65d89..b38104fc2d 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include <dlfcn.h> #endif -RCSID("$Id: acache.c,v 1.14 2005/10/03 08:44:18 lha Exp $"); +RCSID("$Id: acache.c,v 1.15 2006/03/27 04:22:23 lha Exp $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -218,7 +218,36 @@ make_cred_from_ccred(krb5_context context, } } - cred->flags.b = int2TicketFlags(incred->ticket_flags); /* XXX */ + cred->flags.i = 0; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE) + cred->flags.b.forwardable = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED) + cred->flags.b.forwarded = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE) + cred->flags.b.proxiable = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY) + cred->flags.b.proxy = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE) + cred->flags.b.may_postdate = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED) + cred->flags.b.postdated = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID) + cred->flags.b.invalid = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE) + cred->flags.b.renewable = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL) + cred->flags.b.initial = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH) + cred->flags.b.pre_authent = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH) + cred->flags.b.hw_authent = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED) + cred->flags.b.transited_policy_checked = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE) + cred->flags.b.ok_as_delegate = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS) + cred->flags.b.anonymous = 1; + return 0; nomem: @@ -310,7 +339,36 @@ make_ccred_from_cred(krb5_context context, } cred->addresses[i] = NULL; - cred->ticket_flags = TicketFlags2int(incred->flags.b); /* XXX */ + cred->ticket_flags = 0; + if (incred->flags.b.forwardable) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE; + if (incred->flags.b.forwarded) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED; + if (incred->flags.b.proxiable) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE; + if (incred->flags.b.proxy) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY; + if (incred->flags.b.may_postdate) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE; + if (incred->flags.b.postdated) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED; + if (incred->flags.b.invalid) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID; + if (incred->flags.b.renewable) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE; + if (incred->flags.b.initial) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL; + if (incred->flags.b.pre_authent) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH; + if (incred->flags.b.hw_authent) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH; + if (incred->flags.b.transited_policy_checked) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED; + if (incred->flags.b.ok_as_delegate) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE; + if (incred->flags.b.anonymous) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS; + return 0; fail: diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index cf460ba725..ebdbcfed46 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $"); +RCSID("$Id: addr_families.c,v 1.51 2006/04/02 02:17:31 lha Exp $"); struct addr_operations { int af; @@ -1136,6 +1136,7 @@ krb5_make_addrport (krb5_context context, if (ret) { krb5_set_error_string(context, "malloc: out of memory"); free (*res); + *res = NULL; return ret; } p = (*res)->address.data; diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index 1c38721b02..9eff09bb0a 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_auth.c,v 1.42 2005/01/05 02:34:53 lukeh Exp $"); +RCSID("$Id: build_auth.c,v 1.43 2006/04/10 08:53:21 lha Exp $"); static krb5_error_code make_etypelist(krb5_context context, @@ -116,13 +116,12 @@ krb5_build_authenticator (krb5_context context, krb5_error_code ret; krb5_crypto crypto; - auth = malloc(sizeof(*auth)); + auth = calloc(1, sizeof(*auth)); if (auth == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - memset (auth, 0, sizeof(*auth)); auth->authenticator_vno = 5; copy_Realm(&cred->client->realm, &auth->crealm); copy_PrincipalName(&cred->client->name, &auth->cname); @@ -161,10 +160,8 @@ krb5_build_authenticator (krb5_context context, /* XXX - Copy more to auth_context? */ - if (auth_context) { - auth_context->authenticator->ctime = auth->ctime; - auth_context->authenticator->cusec = auth->cusec; - } + auth_context->authenticator->ctime = auth->ctime; + auth_context->authenticator->cusec = auth->cusec; ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); if (ret) diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index efb2ad1374..b21d42d653 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $"); +RCSID("$Id: cache.c,v 1.79 2006/04/02 00:54:48 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -316,7 +316,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) } if (append == NULL) { free(*res); - res = NULL; + *res = NULL; krb5_set_error_string(context, "malloc - out of memory"); return ENOMEM; } @@ -324,6 +324,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) tlen = strlen(append); tmp = realloc(*res, len + tlen + 1); if (tmp == NULL) { + free(append); free(*res); *res = NULL; krb5_set_error_string(context, "malloc - out of memory"); diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 86e286c638..66051303ed 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.53 2005/06/16 20:22:53 lha Exp $"); +RCSID("$Id: config_file.c,v 1.54 2006/04/02 00:59:19 lha Exp $"); #ifndef HAVE_NETINFO @@ -574,7 +574,7 @@ krb5_config_vget_strings(krb5_context context, } if(nstr){ char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings)); - if(strings == NULL) + if(tmp == NULL) goto cleanup; strings = tmp; strings[nstr] = NULL; diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 039484c650..3a90995283 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $"); +RCSID("$Id: crypto.c,v 1.134 2006/04/10 08:58:53 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -4096,7 +4096,7 @@ krb5_string_to_key_derived(krb5_context context, struct encryption_type *et = _find_enctype(etype); krb5_error_code ret; struct key_data kd; - size_t keylen = et->keytype->bits / 8; + size_t keylen; u_char *tmp; if(et == NULL) { @@ -4104,6 +4104,8 @@ krb5_string_to_key_derived(krb5_context context, etype); return KRB5_PROG_ETYPE_NOSUPP; } + keylen = et->keytype->bits / 8; + ALLOC(kd.key, 1); if(kd.key == NULL) { krb5_set_error_string (context, "malloc: out of memory"); diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 9cf1410e70..3192c4c64f 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c,v 1.19 2004/05/25 21:22:23 lha Exp $"); +RCSID("$Id: data.c,v 1.20 2006/04/02 01:06:07 lha Exp $"); void KRB5_LIB_FUNCTION krb5_data_zero(krb5_data *p) @@ -114,6 +114,7 @@ krb5_copy_data(krb5_context context, if(ret) { krb5_clear_error_string (context); free(*outdata); + *outdata = NULL; } return ret; } diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index f8ebe837b7..79b809d2a2 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $"); +RCSID("$Id: fcache.c,v 1.52 2006/04/02 01:04:37 lha Exp $"); typedef struct krb5_fcache{ char *filename; @@ -269,10 +269,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) } fd = mkstemp(file); if(fd < 0) { + int ret = errno; + krb5_set_error_string(context, "mkstemp %s", file); free(f); free(file); - krb5_set_error_string(context, "mkstemp %s", file); - return errno; + return ret; } close(fd); f->filename = file; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index dafe668b5d..661d05663b 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -180,10 +180,7 @@ krb5_get_forwarded_creds (krb5_context context, addrs.len = 0; addrs.val = NULL; - if (in_creds->client && in_creds->client->realm) - realm = in_creds->client->realm; - else - realm = in_creds->server->realm; + realm = in_creds->client->realm; krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever", TRUE, &noaddr_ever); diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 316c2f02eb..88de280a00 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.23 2006/04/02 01:08:30 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -75,7 +75,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, krb5_get_init_creds_opt *opt; *out = NULL; - opt = malloc(sizeof(*opt)); + opt = calloc(1, sizeof(*opt)); if (opt == NULL) { krb5_set_error_string(context, "out of memory"); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 3c694624bf..489a88a31b 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.90 2005/10/12 12:45:11 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.92 2006/04/02 01:20:15 lha Exp $"); typedef struct krb5_get_init_creds_ctx { krb5_kdc_flags flags; @@ -79,8 +79,10 @@ default_s2k_func(krb5_context context, krb5_enctype type, return ENOMEM; ret = krb5_string_to_key_data_salt_opaque(context, type, password, salt, opaque, *key); - if (ret) + if (ret) { free(*key); + *key = NULL; + } return ret; } @@ -545,23 +547,14 @@ init_creds_init_as_req (krb5_context context, krb5_set_error_string(context, "malloc: out of memory"); goto fail; } - if (creds->client) { - ret = _krb5_principal2principalname (a->req_body.cname, creds->client); - if (ret) - goto fail; - ret = copy_Realm(&creds->client->realm, &a->req_body.realm); - if (ret) - goto fail; - } else { - krb5_realm realm; - a->req_body.cname = NULL; - ret = krb5_get_default_realm(context, &realm); - if (ret) - goto fail; - ret = copy_Realm(&realm, &a->req_body.realm); - free(realm); - } + ret = _krb5_principal2principalname (a->req_body.cname, creds->client); + if (ret) + goto fail; + ret = copy_Realm(&creds->client->realm, &a->req_body.realm); + if (ret) + goto fail; + ret = _krb5_principal2principalname (a->req_body.sname, creds->server); if (ret) goto fail; diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index 667788c69d..d5130aaad8 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $"); +RCSID("$Id: keytab_any.c,v 1.8 2006/04/10 09:20:13 lha Exp $"); struct any_data { krb5_keytab kt; @@ -162,23 +162,22 @@ any_next_entry (krb5_context context, ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor); if (ret == 0) return 0; - else if (ret == KRB5_KT_END) { - ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor); - if (ret2) - return ret2; - while ((ed->a = ed->a->next) != NULL) { - ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); - if (ret2 == 0) - break; - } - if (ed->a == NULL) { - krb5_clear_error_string (context); - return KRB5_KT_END; - } - } else + else if (ret != KRB5_KT_END) return ret; - } while (ret == KRB5_KT_END); - return ret; + + ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor); + if (ret2) + return ret2; + while ((ed->a = ed->a->next) != NULL) { + ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret2 == 0) + break; + } + if (ed->a == NULL) { + krb5_clear_error_string (context); + return KRB5_KT_END; + } + } while (1); } static krb5_error_code diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index 6ff2680ed1..f9a76e634a 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.20 2005/07/13 06:08:07 lha Exp $"); +RCSID("$Id: keytab_file.c,v 1.22 2006/04/07 21:57:31 lha Exp $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -164,7 +164,7 @@ krb5_kt_ret_principal(krb5_context context, int i; int ret; krb5_principal p; - int16_t tmp; + int16_t len; ALLOC(p, 1); if(p == NULL) { @@ -172,25 +172,34 @@ krb5_kt_ret_principal(krb5_context context, return ENOMEM; } - ret = krb5_ret_int16(sp, &tmp); - if(ret) - return ret; + ret = krb5_ret_int16(sp, &len); + if(ret) { + krb5_set_error_string(context, + "Failed decoding length of keytab principal"); + goto out; + } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) - tmp--; - p->name.name_string.len = tmp; + len--; + if (len < 0) { + krb5_set_error_string(context, + "Keytab principal contains invalid length"); + ret = KRB5_KT_END; + goto out; + } ret = krb5_kt_ret_string(context, sp, &p->realm); if(ret) - return ret; - p->name.name_string.val = calloc(p->name.name_string.len, - sizeof(*p->name.name_string.val)); + goto out; + p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val)); if(p->name.name_string.val == NULL) { krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } + p->name.name_string.len = len; for(i = 0; i < p->name.name_string.len; i++){ ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i); if(ret) - return ret; + goto out; } if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) p->name.name_type = KRB5_NT_UNKNOWN; @@ -199,10 +208,13 @@ krb5_kt_ret_principal(krb5_context context, ret = krb5_ret_int32(sp, &tmp32); p->name.name_type = tmp32; if (ret) - return ret; + goto out; } *princ = p; return 0; +out: + krb5_free_principal(context, p); + return ret; } static krb5_error_code @@ -423,7 +435,7 @@ loop: } } if(start) *start = pos; - if(end) *end = *start + 4 + len; + if(end) *end = pos + 4 + len; out: krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET); return ret; diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 5c94291e72..32fb48a8a2 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.17 2005/09/30 11:20:53 lha Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.18 2006/04/02 01:24:52 lha Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -94,6 +94,7 @@ get_cell_and_realm (krb5_context context, f = fopen (AFS_SERVERMAGICKRBCONF, "r"); if (f != NULL) { if (fgets (buf, sizeof(buf), f) == NULL) { + free (d->cell); fclose (f); krb5_set_error_string (context, "no realm in %s", AFS_SERVERMAGICKRBCONF); diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c index 1a83faca57..19e7f106bf 100644 --- a/source4/heimdal/lib/krb5/keytab_krb4.c +++ b/source4/heimdal/lib/krb5/keytab_krb4.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_krb4.c,v 1.13 2005/05/19 04:13:18 lha Exp $"); +RCSID("$Id: keytab_krb4.c,v 1.15 2006/04/10 17:10:53 lha Exp $"); struct krb4_kt_data { char *filename; @@ -139,6 +139,11 @@ krb4_kt_start_seq_get_int (krb5_context context, return ret; } c->sp = krb5_storage_from_fd(c->fd); + if(c->sp == NULL) { + close(c->fd); + free(ed); + return ENOMEM; + } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); return 0; } @@ -302,11 +307,11 @@ krb4_kt_add_entry (krb5_context context, } } sp = krb5_storage_from_fd(fd); - krb5_storage_set_eof_code(sp, KRB5_KT_END); if(sp == NULL) { close(fd); return ENOMEM; } + krb5_storage_set_eof_code(sp, KRB5_KT_END); ret = krb4_store_keytab_entry(context, entry, sp); krb5_storage_free(sp); if(close (fd) < 0) @@ -316,8 +321,8 @@ krb4_kt_add_entry (krb5_context context, static krb5_error_code krb4_kt_remove_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) + krb5_keytab id, + krb5_keytab_entry *entry) { struct krb4_kt_data *d = id->data; krb5_error_code ret; diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 8d9b3c62ac..00126d60ed 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -302,19 +302,13 @@ void KRB5_LIB_FUNCTION _krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_create_sign ( - krb5_context /*context*/, - const heim_oid */*eContentType*/, - krb5_data */*eContent*/, - struct krb5_pk_identity */*id*/, - krb5_data */*sd_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_load_openssl_id ( +_krb5_pk_load_id ( krb5_context /*context*/, struct krb5_pk_identity **/*ret_id*/, const char */*user_id*/, - const char */*x509_anchors*/, + const char */*anchor_id*/, + char * const */*chain*/, + char * const */*revoke*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, char */*password*/); diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index d7e74621ef..56f43f6c3d 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -1874,6 +1874,8 @@ krb5_get_init_creds_opt_set_pkinit ( krb5_principal /*principal*/, const char */*user_id*/, const char */*x509_anchors*/, + char * const * /*chain*/, + char * const * /*revoke*/, int /*flags*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index 00c30d7791..29b2ddbecc 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h,v 1.1 2004/09/11 04:00:42 lha Exp $ */ +/* $Id: krb5_ccapi.h,v 1.2 2006/03/27 04:21:06 lha Exp $ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 @@ -43,7 +43,8 @@ enum { }; enum { - ccapi_version_3 = 3 + ccapi_version_3 = 3, + ccapi_version_4 = 4 }; enum { @@ -108,7 +109,21 @@ struct cc_credentials_v5_t { cc_time_t endtime; cc_time_t renew_till; cc_uint32 is_skey; - cc_uint32 ticket_flags; /* XXX ticket flags undefined */ + cc_uint32 ticket_flags; +#define KRB5_CCAPI_TKT_FLG_FORWARDABLE 0x40000000 +#define KRB5_CCAPI_TKT_FLG_FORWARDED 0x20000000 +#define KRB5_CCAPI_TKT_FLG_PROXIABLE 0x10000000 +#define KRB5_CCAPI_TKT_FLG_PROXY 0x08000000 +#define KRB5_CCAPI_TKT_FLG_MAY_POSTDATE 0x04000000 +#define KRB5_CCAPI_TKT_FLG_POSTDATED 0x02000000 +#define KRB5_CCAPI_TKT_FLG_INVALID 0x01000000 +#define KRB5_CCAPI_TKT_FLG_RENEWABLE 0x00800000 +#define KRB5_CCAPI_TKT_FLG_INITIAL 0x00400000 +#define KRB5_CCAPI_TKT_FLG_PRE_AUTH 0x00200000 +#define KRB5_CCAPI_TKT_FLG_HW_AUTH 0x00100000 +#define KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 +#define KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE 0x00040000 +#define KRB5_CCAPI_TKT_FLG_ANONYMOUS 0x00020000 cc_data **addresses; cc_data ticket; cc_data second_ticket; diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index ef9f5dbd60..221bd706f4 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <resolve.h> -RCSID("$Id: krbhst.c,v 1.53 2005/10/08 15:40:50 lha Exp $"); +RCSID("$Id: krbhst.c,v 1.55 2006/04/02 10:32:20 lha Exp $"); static int string_to_proto(const char *string) @@ -241,8 +241,9 @@ _krb5_krbhost_info_move(krb5_context context, krb5_krbhst_info *from, krb5_krbhst_info **to) { + size_t hostnamelen = strlen(from->hostname); /* trailing NUL is included in structure */ - *to = calloc(1, sizeof(**to) + strlen(from->hostname)); + *to = calloc(1, sizeof(**to) + hostnamelen); if(*to == NULL) { krb5_set_error_string(context, "malloc - out of memory"); return ENOMEM; @@ -254,7 +255,7 @@ _krb5_krbhost_info_move(krb5_context context, (*to)->ai = from->ai; from->ai = NULL; (*to)->next = NULL; - strcpy((*to)->hostname, from->hostname); + memcpy((*to)->hostname, from->hostname, hostnamelen + 1); return 0; } diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 4f6381c858..7e478bf1e0 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.36 2005/06/17 04:25:05 lha Exp $"); +RCSID("$Id: log.c,v 1.38 2006/04/10 09:41:26 lha Exp $"); struct facility { int min; @@ -284,7 +284,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) ret = open_file(context, f, min, max, NULL, NULL, stderr, 1); }else if(strcmp(p, "CONSOLE") == 0){ ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0); - }else if(strncmp(p, "FILE:", 4) == 0 && (p[4] == ':' || p[4] == '=')){ + }else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){ char *fn; FILE *file = NULL; int keep_open = 0; @@ -300,6 +300,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) ret = errno; krb5_set_error_string (context, "open(%s): %s", fn, strerror(ret)); + free(fn); return ret; } file = fdopen(i, "a"); @@ -308,12 +309,13 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) close(i); krb5_set_error_string (context, "fdopen(%s): %s", fn, strerror(ret)); + free(fn); return ret; } keep_open = 1; } ret = open_file(context, f, min, max, fn, "a", file, keep_open); - }else if(strncmp(p, "DEVICE=", 6) == 0){ + }else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){ ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0); }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){ char severity[128] = ""; diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 1247bb22ca..fa4fb4699e 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.77 2006/02/14 10:08:29 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.88 2006/04/23 21:30:17 lha Exp $"); struct krb5_dh_moduli { char *name; @@ -45,71 +45,35 @@ struct krb5_dh_moduli { #ifdef PKINIT -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/pem.h> -#include <openssl/err.h> -#include <openssl/dh.h> -#include <openssl/bn.h> -#include <openssl/engine.h> -#include <openssl/ui.h> - -#ifdef HAVE_DIRENT_H -#include <dirent.h> -#endif +#include <heim_asn1.h> +#include <rfc2459_asn1.h> +#include <cms_asn1.h> +#include <pkcs8_asn1.h> +#include <pkcs9_asn1.h> +#include <pkcs12_asn1.h> +#include <pkinit_asn1.h> +#include <asn1_err.h> + +#include <der.h> -#include "heim_asn1.h" -#include "rfc2459_asn1.h" -#include "cms_asn1.h" -#include "pkinit_asn1.h" +#include <hx509.h> enum { COMPAT_WIN2K = 1, COMPAT_IETF = 2 }; -#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ -{ \ - unsigned char *p; \ - (BL) = i2d_##T((S), NULL); \ - if ((BL) <= 0) { \ - (R) = EINVAL; \ - } else { \ - (B) = malloc((BL)); \ - if ((B) == NULL) { \ - (R) = ENOMEM; \ - } else { \ - p = (B); \ - (R) = 0; \ - (BL) = i2d_##T((S), &p); \ - if ((BL) <= 0) { \ - free((B)); \ - (R) = ASN1_OVERRUN; \ - } \ - } \ - } \ -} - -/* ENGING_load_private_key requires a UI_METHOD and data - * if to be usable from PAM - */ - -struct krb5_ui_data { - krb5_context context; - krb5_prompter_fct prompter; - void * prompter_data; -}; - struct krb5_pk_identity { - EVP_PKEY *private_key; - STACK_OF(X509) *cert; - STACK_OF(X509) *trusted_certs; - STACK_OF(X509_CRL) *crls; - ENGINE *engine; + hx509_context hx509ctx; + hx509_verify_ctx verify_ctx; + hx509_certs certs; + hx509_certs anchors; + hx509_certs certpool; + hx509_revoke_ctx revoke; }; struct krb5_pk_cert { - X509 *cert; + hx509_cert cert; }; struct krb5_pk_init_ctx_data { @@ -118,13 +82,16 @@ struct krb5_pk_init_ctx_data { krb5_data *clientDHNonce; struct krb5_dh_moduli **m; int require_binding; + int require_eku; + int require_krbtgt_otherName; }; void KRB5_LIB_FUNCTION _krb5_pk_cert_free(struct krb5_pk_cert *cert) { - if (cert->cert) - X509_free(cert->cert); + if (cert->cert) { + hx509_cert_free(cert->cert); + } free(cert); } @@ -138,7 +105,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) return ENOMEM; } BN_bn2bin(bn, integer->data); - integer->negative = bn->neg; + integer->negative = BN_is_negative(bn); return 0; } @@ -152,315 +119,44 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); return NULL; } - bn->neg = f->negative; + BN_set_negative(bn, f->negative); return bn; } -/* - * UI ex_data has the callback_data as passed to Engine. This is far - * from being complete, we will only process one prompt - */ - -static int -krb5_ui_method_read_string(UI *ui, UI_STRING *uis) -{ - char *buffer; - size_t length; - krb5_error_code ret; - krb5_prompt prompt; - krb5_data password_data; - struct krb5_ui_data *ui_data; - - ui_data = (struct krb5_ui_data *)UI_get_app_data(ui); - - switch (UI_get_string_type(uis)) { - case UIT_INFO: - case UIT_ERROR: - /* looks like the RedHat pam_prompter might handle - * INFO and ERROR, Will see what happens */ - case UIT_VERIFY: - case UIT_PROMPT: - length = UI_get_result_maxsize(uis); - buffer = malloc(length); - if (buffer == NULL) { - krb5_set_error_string(ui_data->context, "malloc: out of memory"); - return 0; - } - password_data.data = buffer; - password_data.length = length; - - prompt.prompt = UI_get0_output_string(uis); - prompt.hidden = !(UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO); - prompt.reply = &password_data; - prompt.type = KRB5_PROMPT_TYPE_PASSWORD; - - ret = (*ui_data->prompter)(ui_data->context, - ui_data->prompter_data, - NULL, NULL, 1, &prompt); - if (ret == 0) { - buffer[length - 1] = '\0'; - UI_set_result(ui, uis, password_data.data); - - /* - * RedHat pam_krb5 pam_prompter does a strdup but others - * may copy into buffer. XXX should we just leak the - * memory instead ? - */ - - if (buffer != password_data.data) - free(password_data.data); - memset (buffer, 0, length); - free(buffer); - return 1; - } - memset (buffer, 0, length); - free(buffer); - break; - case UIT_NONE: - case UIT_BOOLEAN: - /* XXX for now do not handle */ - break; - - } - return 0; -} - static krb5_error_code -set_digest_alg(DigestAlgorithmIdentifier *id, - const heim_oid *oid, - void *param, size_t length) -{ - krb5_error_code ret; - if (param) { - id->parameters = malloc(sizeof(*id->parameters)); - if (id->parameters == NULL) - return ENOMEM; - id->parameters->data = malloc(length); - if (id->parameters->data == NULL) { - free(id->parameters); - id->parameters = NULL; - return ENOMEM; - } - memcpy(id->parameters->data, param, length); - id->parameters->length = length; - } else - id->parameters = NULL; - ret = copy_oid(oid, &id->algorithm); - if (ret) { - if (id->parameters) { - free(id->parameters->data); - free(id->parameters); - id->parameters = NULL; - } - return ret; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_create_sign(krb5_context context, const heim_oid *eContentType, krb5_data *eContent, struct krb5_pk_identity *id, krb5_data *sd_data) { - SignerInfo *signer_info; - X509 *user_cert; - heim_integer *serial; - krb5_error_code ret; - krb5_data buf; - SignedData sd; - EVP_MD_CTX md; - int i; - unsigned len; - size_t size; - - X509_NAME *issuer_name; - - memset(&sd, 0, sizeof(sd)); - - if (id == NULL) - return HEIM_PKINIT_NO_CERTIFICATE; - if (id->cert == NULL) - return HEIM_PKINIT_NO_CERTIFICATE; - if (id->private_key == NULL) - return HEIM_PKINIT_NO_PRIVATE_KEY; - - if (sk_X509_num(id->cert) == 0) - return HEIM_PKINIT_NO_CERTIFICATE; - - sd.version = 3; - - sd.digestAlgorithms.len = 0; - sd.digestAlgorithms.val = NULL; - copy_oid(eContentType, &sd.encapContentInfo.eContentType); - ALLOC(sd.encapContentInfo.eContent, 1); - if (sd.encapContentInfo.eContent == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ret = krb5_data_copy(&buf, eContent->data, eContent->length); - if (ret) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - sd.encapContentInfo.eContent->data = buf.data; - sd.encapContentInfo.eContent->length = buf.length; - - ALLOC_SEQ(&sd.signerInfos, 1); - if (sd.signerInfos.val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - - signer_info = &sd.signerInfos.val[0]; - - user_cert = sk_X509_value(id->cert, 0); - if (user_cert == NULL) { - krb5_set_error_string(context, "pkinit: no user certificate"); - ret = HEIM_PKINIT_NO_CERTIFICATE; - goto out; - } - - signer_info->version = 1; - - issuer_name = X509_get_issuer_name(user_cert); - - OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, - buf.data, - buf.length, - issuer_name, - ret); - if (ret) { - krb5_set_error_string(context, "pkinit: failed encoding name"); - goto out; - } - ret = decode_Name(buf.data, buf.length, - &signer_info->sid.u.issuerAndSerialNumber.issuer, - NULL); - free(buf.data); - if (ret) { - krb5_set_error_string(context, "pkinit: failed to parse Name"); - goto out; - } - signer_info->sid.element = choice_CMSIdentifier_issuerAndSerialNumber; - - serial = &signer_info->sid.u.issuerAndSerialNumber.serialNumber; - { - ASN1_INTEGER *isn = X509_get_serialNumber(user_cert); - BIGNUM *bn = ASN1_INTEGER_to_BN(isn, NULL); - if (bn == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "pkinit: failed allocating " - "serial number"); - goto out; - } - ret = BN_to_integer(context, bn, serial); - BN_free(bn); - if (ret) { - krb5_set_error_string(context, "pkinit: failed encoding " - "serial number"); - goto out; - } - } - - ret = set_digest_alg(&signer_info->digestAlgorithm, - oid_id_secsig_sha_1(), "\x05\x00", 2); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - goto out; - } - - signer_info->signedAttrs = NULL; - signer_info->unsignedAttrs = NULL; - - copy_oid(oid_id_pkcs1_rsaEncryption(), - &signer_info->signatureAlgorithm.algorithm); - signer_info->signatureAlgorithm.parameters = NULL; - - buf.data = malloc(EVP_PKEY_size(id->private_key)); - if (buf.data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - - EVP_SignInit(&md, EVP_sha1()); - EVP_SignUpdate(&md, - sd.encapContentInfo.eContent->data, - sd.encapContentInfo.eContent->length); - ret = EVP_SignFinal(&md, buf.data, &len, id->private_key); - if (ret != 1) { - free(buf.data); - krb5_set_error_string(context, "PKINIT: failed to sign with " - "private key: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = EINVAL; - goto out; - } - - signer_info->signature.data = buf.data; - signer_info->signature.length = len; - - ALLOC_SEQ(&sd.digestAlgorithms, 1); - if (sd.digestAlgorithms.val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ret = set_digest_alg(&sd.digestAlgorithms.val[0], - oid_id_secsig_sha_1(), "\x05\x00", 2); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - goto out; - } + hx509_cert cert; + hx509_query *q; + int ret; - ALLOC(sd.certificates, 1); - if (sd.certificates == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } + ret = hx509_query_alloc(id->hx509ctx, &q); + if (ret) + return ret; - i = sk_X509_num(id->cert); - sd.certificates->val = malloc(sizeof(sd.certificates->val[0]) * i); - if (sd.certificates->val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - sd.certificates->len = i; - - for (i = 0; i < sk_X509_num(id->cert); i++) { - OPENSSL_ASN1_MALLOC_ENCODE(X509, - sd.certificates->val[i].data, - sd.certificates->val[i].length, - sk_X509_value(id->cert, i), - ret); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - } + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length, - &sd, &size, ret); - if (ret) { - krb5_set_error_string(context, "SignedData failed %d", ret); - goto out; - } - if (sd_data->length != size) - krb5_abortx(context, "internal ASN1 encoder error"); + ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert); + hx509_query_free(id->hx509ctx, q); + if (ret) + return ret; - out: - free_SignedData(&sd); + ret = hx509_cms_create_signed_1(id->hx509ctx, + eContentType, + eContent->data, + eContent->length, + NULL, + cert, + NULL, + NULL, + sd_data); + hx509_cert_free(cert); return ret; } @@ -813,230 +509,23 @@ _krb5_pk_mk_padata(krb5_context context, } else type = COMPAT_IETF; - return pk_mk_padata(context, type, ctx, req_body, nonce, md); -} + ctx->require_eku = + krb5_config_get_bool_default(context, NULL, + TRUE, + "realms", + req_body->realm, + "pkinit_require_eku", + NULL); + ctx->require_krbtgt_otherName = + krb5_config_get_bool_default(context, NULL, + TRUE, + "realms", + req_body->realm, + "pkinit_require_krbtgt_otherName", + NULL); -static krb5_boolean -pk_peer_compare(krb5_context context, - const SignerIdentifier *peer1, - X509 *peer2) -{ - switch (peer1->element) { - case choice_CMSIdentifier_issuerAndSerialNumber: { - ASN1_INTEGER *i; - const heim_integer *serial; - X509_NAME *name; - unsigned char *p; - size_t len; - - i = X509_get_serialNumber(peer2); - serial = &peer1->u.issuerAndSerialNumber.serialNumber; - - if (i->length != serial->length || - memcmp(i->data, serial->data, i->length) != 0) - return FALSE; - - p = peer1->u.issuerAndSerialNumber.issuer._save.data; - len = peer1->u.issuerAndSerialNumber.issuer._save.length; - name = d2i_X509_NAME(NULL, &p, len); - if (name == NULL) - return FALSE; - - if (X509_NAME_cmp(name, X509_get_issuer_name(peer2)) != 0) { - X509_NAME_free(name); - return FALSE; - } - X509_NAME_free(name); - break; - } - case choice_CMSIdentifier_subjectKeyIdentifier: - return FALSE; - default: - return FALSE; - } - return TRUE; -} -static krb5_error_code -pk_decrypt_key(krb5_context context, - heim_octet_string *encrypted_key, - EVP_PKEY *priv_key, - krb5_keyblock *key) -{ - int ret; - unsigned char *buf; - - buf = malloc(EVP_PKEY_size(priv_key)); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = EVP_PKEY_decrypt(buf, - encrypted_key->data, - encrypted_key->length, - priv_key); - if (ret <= 0) { - free(buf); - krb5_set_error_string(context, "Can't decrypt key: %s", - ERR_error_string(ERR_get_error(), NULL)); - return ENOMEM; - } - - key->keytype = 0; - key->keyvalue.length = ret; - key->keyvalue.data = malloc(ret); - if (key->keyvalue.data == NULL) { - free(buf); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(key->keyvalue.data, buf, ret); - free(buf); - return 0; -} - - -static krb5_error_code -pk_verify_chain_standard(krb5_context context, - struct krb5_pk_identity *id, - const SignerIdentifier *client, - STACK_OF(X509) *chain, - X509 **client_cert) -{ - X509_STORE *cert_store = NULL; - X509_STORE_CTX *store_ctx = NULL; - X509 *cert = NULL; - int i; - int ret; - - ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; - for (i = 0; i < sk_X509_num(chain); i++) { - cert = sk_X509_value(chain, i); - if (pk_peer_compare(context, client, cert) == TRUE) { - ret = 0; - break; - } - } - if (ret) { - krb5_set_error_string(context, "PKINIT: verify chain failed " - "to find client in chain"); - return ret; - } - - cert_store = X509_STORE_new(); - if (cert_store == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "PKINIT: can't create X509 store: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - - store_ctx = X509_STORE_CTX_new(); - if (store_ctx == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, - "PKINIT: can't create X509 store ctx: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto end; - } - - X509_STORE_CTX_init(store_ctx, cert_store, cert, chain); - X509_STORE_CTX_trusted_stack(store_ctx, id->trusted_certs); - X509_verify_cert(store_ctx); - /* the last checked certificate is in store_ctx->current_cert */ - krb5_clear_error_string(context); - switch(store_ctx->error) { - case X509_V_OK: - ret = 0; - break; - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - ret = KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE; - krb5_set_error_string(context, "PKINIT: failed to verify " - "certificate: %s ", - X509_verify_cert_error_string(store_ctx->error)); - break; - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_CERT_HAS_EXPIRED: - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - krb5_set_error_string(context, "PKINIT: invalid certificate: %s ", - X509_verify_cert_error_string(store_ctx->error)); - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_INVALID_CA: - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - krb5_set_error_string(context, "PKINIT: unknown CA or can't " - "verify certificate: %s", - X509_verify_cert_error_string(store_ctx->error)); - break; - default: - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX */ - krb5_set_error_string(context, "PKINIT: failed to verify " - "certificate: %s (%ld) ", - X509_verify_cert_error_string(store_ctx->error), - (long)store_ctx->error); - break; - } - if (ret) - goto end; - - /* - * Since X509_verify_cert() doesn't do CRL checking at all, we have to - * perform own verification against CRLs - */ - /* - * XXX add crl checking - */ - - if (client_cert && cert) - *client_cert = X509_dup(cert); - - end: - if (cert_store) - X509_STORE_free(cert_store); - if (store_ctx) - X509_STORE_CTX_free(store_ctx); - return ret; -} - -static int -cert_to_X509(krb5_context context, CertificateSet *set, - STACK_OF(X509_CRL) **certs) -{ - krb5_error_code ret; - int i; - - *certs = sk_X509_new_null(); - - if (set == NULL) - return 0; - - ret = 0; - for (i = 0; i < set->len; i++) { - unsigned char *p; - X509 *cert; - - p = set->val[i].data; - cert = d2i_X509(NULL, &p, set->val[i].length); - if (cert == NULL) { - ret = ASN1_BAD_FORMAT; - break; - } - sk_X509_insert(*certs, cert, i); - } - if (ret) { - krb5_set_error_string(context, - "PKINIT: Failed to decode certificate chain"); - sk_X509_free(*certs); - *certs = NULL; - } - return ret; + return pk_mk_padata(context, type, ctx, req_body, nonce, md); } krb5_error_code KRB5_LIB_FUNCTION @@ -1048,144 +537,67 @@ _krb5_pk_verify_sign(krb5_context context, krb5_data *content, struct krb5_pk_cert **signer) { - STACK_OF(X509) *certificates; - SignerInfo *signer_info; - const EVP_MD *evp_type; - EVP_PKEY *public_key; - krb5_error_code ret; - EVP_MD_CTX md; - X509 *cert = NULL; - SignedData sd; - size_t size; - - *signer = NULL; - krb5_data_zero(content); - contentType->length = 0; - contentType->components = NULL; - - memset(&sd, 0, sizeof(sd)); - - ret = decode_SignedData(data, length, &sd, &size); - if (ret) { - krb5_set_error_string(context, - "PKINIT: decoding failed SignedData: %d", - ret); - goto out; - } - - if (sd.encapContentInfo.eContent == NULL) { - krb5_set_error_string(context, - "PKINIT: signature missing encapContent"); - ret = KRB5KRB_AP_ERR_MSG_TYPE; - goto out; - } - - /* XXX Check CMS version */ - - if (sd.signerInfos.len < 1) { - krb5_set_error_string(context, - "PKINIT: signature information missing from " - "pkinit response"); - ret = KRB5_KDC_ERR_INVALID_SIG; - goto out; - } - - signer_info = &sd.signerInfos.val[0]; - - { - CertificateSet set; - set.val = sd.certificates->val; - set.len = sd.certificates->len; + hx509_certs signer_certs; + int ret; - ret = cert_to_X509(context, &set, &certificates); - } - if (ret) { - krb5_set_error_string(context, - "PKINIT: failed to decode Certificates"); - goto out; - } + *signer = NULL; - ret = pk_verify_chain_standard(context, id, - &signer_info->sid, - certificates, - &cert); - sk_X509_free(certificates); + ret = hx509_cms_verify_signed(id->hx509ctx, + id->verify_ctx, + data, + length, + id->certpool, + contentType, + content, + &signer_certs); if (ret) - goto out; - - if (signer_info->signature.length == 0) { - free_SignedData(&sd); - X509_free(cert); - krb5_set_error_string(context, "PKINIT: signature missing from" - "pkinit response"); - return KRB5_KDC_ERR_INVALID_SIG; - } - - public_key = X509_get_pubkey(cert); - - /* verify signature */ - if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, - oid_id_pkcs1_sha1WithRSAEncryption()) == 0) - evp_type = EVP_sha1(); - else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, - oid_id_pkcs1_md5WithRSAEncryption()) == 0) - evp_type = EVP_md5(); - else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, - oid_id_secsig_sha_1()) == 0) - evp_type = EVP_sha1(); - else { - X509_free(cert); - krb5_set_error_string(context, "PKINIT: The requested digest " - "algorithm is not supported"); - ret = KRB5_KDC_ERR_INVALID_SIG; - goto out; - } - - EVP_VerifyInit(&md, evp_type); - EVP_VerifyUpdate(&md, - sd.encapContentInfo.eContent->data, - sd.encapContentInfo.eContent->length); - ret = EVP_VerifyFinal(&md, - signer_info->signature.data, - signer_info->signature.length, - public_key); - if (ret != 1) { - X509_free(cert); - krb5_set_error_string(context, "PKINIT: signature didn't verify: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = KRB5_KDC_ERR_INVALID_SIG; - goto out; - } - - ret = copy_oid(&sd.encapContentInfo.eContentType, contentType); - if (ret) { - krb5_clear_error_string(context); - goto out; - } + return ret; - content->data = malloc(sd.encapContentInfo.eContent->length); - if (content->data == NULL) { + *signer = calloc(1, sizeof(**signer)); + if (*signer == NULL) { krb5_clear_error_string(context); ret = ENOMEM; goto out; } - content->length = sd.encapContentInfo.eContent->length; - memcpy(content->data,sd.encapContentInfo.eContent->data,content->length); + + /* XXX */ + { + hx509_cursor cursor; - *signer = malloc(sizeof(**signer)); - if (*signer == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; + ret = hx509_certs_start_seq(id->hx509ctx, + signer_certs, + &cursor); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + ret = hx509_certs_next_cert(id->hx509ctx, + signer_certs, + cursor, + &(*signer)->cert); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + ret = hx509_certs_end_seq(id->hx509ctx, + signer_certs, + cursor); + if (ret) { + krb5_clear_error_string(context); + goto out; + } } - (*signer)->cert = cert; - out: - free_SignedData(&sd); +out: + hx509_certs_free(&signer_certs); if (ret) { - free_oid(contentType); - krb5_data_free(content); + if (*signer) { + hx509_cert_free((*signer)->cert); + free(*signer); + *signer = NULL; + } } + return ret; } @@ -1297,10 +709,60 @@ get_reply_key(krb5_context context, static krb5_error_code -pk_verify_host(krb5_context context, struct krb5_pk_cert *host) +pk_verify_host(krb5_context context, + struct krb5_pk_init_ctx_data *ctx, + struct krb5_pk_cert *host) { - /* XXX */ - return 0; + krb5_error_code ret = 0; + + if (ctx->require_eku) { + ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, + oid_id_pkkdcekuoid(), 0); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + } + if (ctx->require_krbtgt_otherName) { + hx509_octet_string_list list; + krb5_error_code ret; + int i; + + ret = hx509_cert_find_subjectAltName_otherName(host->cert, + oid_id_pkinit_san(), + &list); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + + for (i = 0; i < list.len; i++) { + KRB5PrincipalName r; + ret = decode_KRB5PrincipalName(list.val[i].data, + list.val[i].length, + &r, + NULL); + if (ret) { + krb5_clear_error_string(context); + break; + } + +#if 0 + if (r.principalName.name.len != 2) { + krb5_clear_error_string(context); + ret = EINVAL; + } +#endif + /* XXX verify realm */ + + free_KRB5PrincipalName(&r); + if (ret) + break; + } + hx509_free_octet_string_list(&list); + } + + return ret; } static krb5_error_code @@ -1316,33 +778,12 @@ pk_rd_pa_reply_enckey(krb5_context context, krb5_keyblock **key) { krb5_error_code ret; - EnvelopedData ed; - krb5_keyblock tmp_key; - krb5_crypto crypto; - krb5_data plain; - KeyTransRecipientInfo *ri; - int length; + struct krb5_pk_cert *host = NULL; size_t size; - X509 *user_cert; + int length; void *p; - krb5_boolean bret; krb5_data content; heim_oid contentType = { 0, NULL }; - struct krb5_pk_cert *host = NULL; - heim_octet_string encryptedContent; - heim_octet_string *any; - krb5_data ivec; - krb5_data params; - - - memset(&tmp_key, 0, sizeof(tmp_key)); - memset(&ed, 0, sizeof(ed)); - krb5_data_zero(&plain); - krb5_data_zero(&content); - krb5_data_zero(&encryptedContent); - krb5_data_zero(&ivec); - - user_cert = sk_X509_value(ctx->id->cert, 0); if (heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) { krb5_set_error_string(context, "PKINIT: Invalid content type"); @@ -1354,106 +795,17 @@ pk_rd_pa_reply_enckey(krb5_context context, return EINVAL; } - ret = decode_EnvelopedData(rep->content->data, + ret = hx509_cms_unenvelope(ctx->id->hx509ctx, + ctx->id->certs, + rep->content->data, rep->content->length, - &ed, - &size); - if (ret) { - free_EnvelopedData(&ed); - return ret; - } - - if (ed.recipientInfos.len != 1) { - free_EnvelopedData(&ed); - krb5_set_error_string(context, "pkinit: Number of recipient infos " - "not one (%d)", - ed.recipientInfos.len); - return EINVAL; /* XXX */ - } - - ri = &ed.recipientInfos.val[0]; - - /* XXX make SignerIdentifier and RecipientIdentifier the same */ - bret = pk_peer_compare(context, (SignerIdentifier *)&ri->rid, user_cert); - if (bret == FALSE) { - ret = KRB5KRB_AP_ERR_BADMATCH; /* XXX */ - goto out; - } - - if (heim_oid_cmp(oid_id_pkcs1_rsaEncryption(), - &ri->keyEncryptionAlgorithm.algorithm)) { - krb5_set_error_string(context, "PKINIT: invalid content type"); - return EINVAL; - } - - ret = pk_decrypt_key(context, &ri->encryptedKey, - ctx->id->private_key, &tmp_key); - if (ret) - goto out; - - - /* - * Try to verify content type. We can't do this for W2K case - * because W2K/W2K3 sends id-pkcs7-data, but Windows Vista sends - * id-pkcs7-signedData to all versions, even W2K clients. - */ - - if (type != COMPAT_WIN2K) { - if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; - goto out; - } - } - - if (ed.encryptedContentInfo.encryptedContent == NULL) { - krb5_set_error_string(context, "PKINIT: OPTIONAL encryptedContent " - "field not filled in in KDC reply"); - ret = KRB5_BADMSGTYPE; - goto out; - } - - any = ed.encryptedContentInfo.encryptedContent; - ret = der_get_octet_string(any->data, any->length, - &encryptedContent, NULL); - if (ret) { - krb5_set_error_string(context, - "PKINIT: encryptedContent content invalid"); - goto out; - } - - if (ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters == NULL){ - krb5_set_error_string(context, - "PKINIT: encryptedContent parameter missing"); - ret = KRB5_BADMSGTYPE; - goto out; - } - - params.data = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data; - params.length = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length; - - ret = _krb5_oid_to_enctype(context, - &ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm, - &tmp_key.keytype); - if (ret) - goto out; - - ret = krb5_crypto_init(context, &tmp_key, 0, &crypto); - if (ret) - goto out; - - ret = krb5_crypto_get_params(context, crypto, ¶ms, &ivec); + &contentType, + &content); if (ret) - goto out; - - ret = krb5_decrypt_ivec(context, crypto, - 0, - encryptedContent.data, - encryptedContent.length, - &plain, - ivec.data); + return ret; - p = plain.data; - length = plain.length; + p = content.data; + length = content.length; /* win2k uses ContentInfo */ if (type == COMPAT_WIN2K) { @@ -1472,6 +824,13 @@ pk_rd_pa_reply_enckey(krb5_context context, krb5_set_error_string(context, "PKINIT: Invalid content type"); goto out; } + if (ci.content == NULL) { + ret = EINVAL; /* XXX */ + krb5_set_error_string(context, "PKINIT: Invalid content type"); + goto out; + } + krb5_data_free(&content); + content = *ci.content; p = ci.content->data; length = ci.content->length; } @@ -1487,7 +846,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; /* make sure that it is the kdc's certificate */ - ret = pk_verify_host(context, host); + ret = pk_verify_host(context, ctx, host); if (ret) { krb5_set_error_string(context, "PKINIT: failed verify host: %d", ret); goto out; @@ -1528,11 +887,7 @@ pk_rd_pa_reply_enckey(krb5_context context, if (host) _krb5_pk_cert_free(host); free_oid(&contentType); - free_octet_string(&encryptedContent); krb5_data_free(&content); - krb5_free_keyblock_contents(context, &tmp_key); - krb5_data_free(&plain); - krb5_data_free(&ivec); return ret; } @@ -1550,7 +905,6 @@ pk_rd_pa_reply_dh(krb5_context context, krb5_keyblock **key) { unsigned char *p, *dh_gen_key = NULL; - ASN1_INTEGER *dh_pub_key = NULL; struct krb5_pk_cert *host = NULL; BIGNUM *kdc_dh_pubkey = NULL; KDCDHKeyInfo kdc_dh_info; @@ -1584,7 +938,7 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; /* make sure that it is the kdc's certificate */ - ret = pk_verify_host(context, host); + ret = pk_verify_host(context, ctx, host); if (ret) goto out; @@ -1623,7 +977,7 @@ pk_rd_pa_reply_dh(krb5_context context, } } else { if (k_n) { - krb5_set_error_string(context, "pkinit; got server nonce " + krb5_set_error_string(context, "pkinit: got server nonce " "without key expiration"); ret = KRB5KRB_ERR_GENERIC; goto out; @@ -1634,22 +988,24 @@ pk_rd_pa_reply_dh(krb5_context context, p = kdc_dh_info.subjectPublicKey.data; size = (kdc_dh_info.subjectPublicKey.length + 7) / 8; - dh_pub_key = d2i_ASN1_INTEGER(NULL, &p, size); - if (dh_pub_key == NULL) { - krb5_set_error_string(context, - "PKINIT: Can't parse KDC's DH public key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - kdc_dh_pubkey = ASN1_INTEGER_to_BN(dh_pub_key, NULL); - if (kdc_dh_pubkey == NULL) { - krb5_set_error_string(context, - "PKINIT: Can't convert KDC's DH public key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } + { + DHPublicKey k; + ret = decode_DHPublicKey(p, size, &k, NULL); + if (ret) { + krb5_set_error_string(context, "pkinit: can't decode " + "without key expiration"); + goto out; + } + kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); + free_DHPublicKey(&k); + if (kdc_dh_pubkey == NULL) { + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + } + dh_gen_keylen = DH_size(ctx->dh); size = BN_num_bytes(ctx->dh->p); if (size < dh_gen_keylen) @@ -1667,8 +1023,7 @@ pk_rd_pa_reply_dh(krb5_context context, kdc_dh_pubkey, ctx->dh); if (dh_gen_keylen == -1) { krb5_set_error_string(context, - "PKINIT: Can't compute Diffie-Hellman key (%s)", - ERR_error_string(ERR_get_error(), NULL)); + "PKINIT: Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; goto out; } @@ -1700,8 +1055,6 @@ pk_rd_pa_reply_dh(krb5_context context, memset(dh_gen_key, 0, DH_size(ctx->dh)); free(dh_gen_key); } - if (dh_pub_key) - ASN1_INTEGER_free(dh_pub_key); if (host) _krb5_pk_cert_free(host); if (content.data) @@ -1726,7 +1079,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, ContentInfo ci; size_t size; - /* Check for PK-INIT -27 */ + /* Check for IETF PK-INIT first */ if (pa->padata_type == KRB5_PADATA_PK_AS_REP) { PA_PK_AS_REP rep; @@ -1747,7 +1100,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &size); if (ret) { krb5_set_error_string(context, - "PKINIT: -25 decoding failed DH " + "PKINIT: decoding failed DH " "ContentInfo: %d", ret); free_PA_PK_AS_REP(&rep); @@ -1821,7 +1174,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; } ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx, - etype, hi, nonce, NULL, pa, key); + etype, hi, nonce, req_buffer, pa, key); free_ContentInfo(&ci); break; default: @@ -1837,598 +1190,158 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; } -static int -ssl_pass_cb(char *buf, int size, int rwflag, void *u) +struct prompter { + krb5_context context; + krb5_prompter_fct prompter; + void *prompter_data; +}; + +static int +hx_pass_prompter(void *data, const hx509_prompt *prompter) { krb5_error_code ret; krb5_prompt prompt; krb5_data password_data; - krb5_prompter_fct prompter = u; + struct prompter *p = data; - password_data.data = buf; - password_data.length = size; + password_data.data = prompter->reply->data; + password_data.length = prompter->reply->length; prompt.prompt = "Enter your private key passphrase: "; prompt.hidden = 1; prompt.reply = &password_data; - prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + if (prompter->hidden) + prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + else + prompt.type = KRB5_PROMPT_TYPE_PREAUTH; /* XXX */ - ret = (*prompter)(NULL, NULL, NULL, NULL, 1, &prompt); + ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); if (ret) { - memset (buf, 0, size); + memset (prompter->reply->data, 0, prompter->reply->length); return 0; } - return strlen(buf); -} - -static krb5_error_code -load_openssl_cert(krb5_context context, - const char *file, - STACK_OF(X509) **c) -{ - STACK_OF(X509) *certificate; - krb5_error_code ret; - FILE *f; - - f = fopen(file, "r"); - if (f == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open failed %s: %s", - file, strerror(ret)); - return ret; - } - - certificate = sk_X509_new_null(); - while (1) { - /* see http://www.openssl.org/docs/crypto/pem.html section BUGS */ - X509 *cert; - cert = PEM_read_X509(f, NULL, NULL, NULL); - if (cert == NULL) { - if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { - /* End of file reached. no error */ - ERR_clear_error(); - break; - } - krb5_set_error_string(context, "PKINIT: Can't read certificate"); - fclose(f); - return HEIM_PKINIT_CERTIFICATE_INVALID; - } - sk_X509_insert(certificate, cert, sk_X509_num(certificate)); - } - fclose(f); - if (sk_X509_num(certificate) == 0) { - krb5_set_error_string(context, "PKINIT: No certificate found"); - return HEIM_PKINIT_NO_CERTIFICATE; - } - *c = certificate; - return 0; -} - -static krb5_error_code -load_openssl_file(krb5_context context, - char *password, - krb5_prompter_fct prompter, - void *prompter_data, - const char *user_id, - struct krb5_pk_identity *id) -{ - krb5_error_code ret; - STACK_OF(X509) *certificate = NULL; - char *cert_file = NULL, *key_file; - EVP_PKEY *private_key = NULL; - FILE *f; - - cert_file = strdup(user_id); - if (cert_file == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - key_file = strchr(cert_file, ','); - if (key_file == NULL) { - krb5_set_error_string(context, "PKINIT: key file missing"); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - *key_file++ = '\0'; - - ret = load_openssl_cert(context, cert_file, &certificate); - if (ret) - goto out; - - /* load private key */ - f = fopen(key_file, "r"); - if (f == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open %s: %s", - key_file, strerror(ret)); - goto out; - } - if (password == NULL || password[0] == '\0') { - if (prompter == NULL) - prompter = krb5_prompter_posix; - private_key = PEM_read_PrivateKey(f, NULL, ssl_pass_cb, prompter); - } else - private_key = PEM_read_PrivateKey(f, NULL, NULL, password); - fclose(f); - if (private_key == NULL) { - krb5_set_error_string(context, "PKINIT: Can't read private key"); - ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; - goto out; - } - ret = X509_check_private_key(sk_X509_value(certificate, 0), private_key); - if (ret != 1) { - ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; - krb5_set_error_string(context, - "PKINIT: The private key doesn't match " - "the public key certificate"); - goto out; - } - - id->private_key = private_key; - id->cert = certificate; - - return 0; - out: - if (cert_file) - free(cert_file); - if (certificate) - sk_X509_pop_free(certificate, X509_free); - if (private_key) - EVP_PKEY_free(private_key); - - return ret; -} - -static int -add_pair(krb5_context context, char *str, char ***cmds, int *num) -{ - char **c; - char *p; - int i; - - p = strchr(str, ':'); - if (p) { - *p = '\0'; - p++; - } - - /* filter out dup keys */ - for (i = 0; i < *num; i++) - if (strcmp((*cmds)[i * 2], str) == 0) - return 0; - - c = realloc(*cmds, sizeof(*c) * ((*num + 1) * 2)); - if (c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - c[(*num * 2)] = str; - c[(*num * 2) + 1] = p; - *num += 1; - *cmds = c; - return 0; -} - -static krb5_error_code -eval_pairs(krb5_context context, ENGINE *e, const char *name, - const char *type, char **cmds, int num) -{ - int i; - - for (i = 0; i < num; i++) { - char *a1 = cmds[i * 2], *a2 = cmds[(i * 2) + 1]; - if(!ENGINE_ctrl_cmd_string(e, a1, a2, 0)) { - krb5_set_error_string(context, - "PKINIT: Failed %scommand (%s - %s:%s): %s", - type, name, a1, a2 ? a2 : "(NULL)", - ERR_error_string(ERR_get_error(), NULL)); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - } - return 0; -} - -struct engine_context { - char **pre_cmds; - char **post_cmds; - int num_pre; - int num_post; - char *engine_name; - char *cert_file; - char *key_id; -}; - -static krb5_error_code -parse_openssl_engine_conf(krb5_context context, - struct engine_context *ctx, - char *line) -{ - krb5_error_code ret; - char *last, *p, *q; - - for (p = strtok_r(line, ",", &last); - p != NULL; - p = strtok_r(NULL, ",", &last)) { - - q = strchr(p, '='); - if (q == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine configuration " - "key %s missing = and thus value", p); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - *q = '\0'; - q++; - if (strcasecmp("PRE", p) == 0) { - ret = add_pair(context, q, &ctx->pre_cmds, &ctx->num_pre); - if (ret) - return ret; - } else if (strcasecmp("POST", p) == 0) { - ret = add_pair(context, q, &ctx->post_cmds, &ctx->num_post); - if (ret) - return ret; - } else if (strcasecmp("KEY", p) == 0) { - ctx->key_id = q; - } else if (strcasecmp("CERT", p) == 0) { - ctx->cert_file = q; - } else if (strcasecmp("ENGINE", p) == 0) { - ctx->engine_name = q; - } else { - krb5_set_error_string(context, - "PKINIT: openssl engine configuration " - "key %s is unknown", p); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - } - return 0; -} - - -static krb5_error_code -load_openssl_engine(krb5_context context, - char *password, - krb5_prompter_fct prompter, - void *prompter_data, - const char *string, - struct krb5_pk_identity *id) -{ - struct engine_context ctx; - krb5_error_code ret; - const char *f; - char *file_conf = NULL, *user_conf = NULL; - ENGINE *e = NULL; - - memset(&ctx, 0, sizeof(ctx)); - - ENGINE_load_builtin_engines(); - - user_conf = strdup(string); - if (user_conf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - ret = parse_openssl_engine_conf(context, &ctx, user_conf); - if (ret) - goto out; - - f = krb5_config_get_string_default(context, NULL, NULL, - "libdefaults", - "pkinit-openssl-engine", - NULL); - if (f) { - file_conf = strdup(f); - if (file_conf) { - ret = parse_openssl_engine_conf(context, &ctx, file_conf); - if (ret) - goto out; - } - } - - if (ctx.cert_file == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine missing certificate"); - ret = HEIM_PKINIT_NO_CERTIFICATE; - goto out; - } - if (ctx.key_id == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine missing key id"); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - if (ctx.engine_name == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine missing engine name"); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - - e = ENGINE_by_id(ctx.engine_name); - if (e == NULL) { - krb5_set_error_string(context, - "PKINIT: failed getting openssl engine %s: %s", - ctx.engine_name, - ERR_error_string(ERR_get_error(), NULL)); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - - ret = eval_pairs(context, e, ctx.engine_name, "pre", - ctx.pre_cmds, ctx.num_pre); - if (ret) - goto out; - - if(!ENGINE_init(e)) { - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - krb5_set_error_string(context, - "PKINIT: openssl engine init %s failed: %s", - ctx.engine_name, - ERR_error_string(ERR_get_error(), NULL)); - ENGINE_free(e); - goto out; - } - - ret = eval_pairs(context, e, ctx.engine_name, "post", - ctx.post_cmds, ctx.num_post); - if (ret) - goto out; - - /* - * If the engine supports a LOAD_CERT_CTRL function, lets try - * it. OpenSC support this function. Eventially this should be - * a ENGINE_load_cert function if it failes, treat it like a - * non fatal error. - */ - { - struct { - const char * cert_id; - X509 * cert; - } parms; - - parms.cert_id = ctx.cert_file; - parms.cert = NULL; - ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); - if (parms.cert) { - id->cert = sk_X509_new_null(); - sk_X509_insert(id->cert, parms.cert, 0); - } - } - - if (id->cert == NULL) { - ret = load_openssl_cert(context, ctx.cert_file, &id->cert); - if (ret) - goto out; - } - - { - UI_METHOD * krb5_ui_method = NULL; - struct krb5_ui_data ui_data; - - krb5_ui_method = UI_create_method("Krb5 ui method"); - if (krb5_ui_method == NULL) { - krb5_set_error_string(context, - "PKINIT: failed to setup prompter " - "function: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - UI_method_set_reader(krb5_ui_method, krb5_ui_method_read_string); - - ui_data.context = context; - ui_data.prompter = prompter; - if (prompter == NULL) - ui_data.prompter = krb5_prompter_posix; - ui_data.prompter_data = prompter_data; - - id->private_key = ENGINE_load_private_key(e, - ctx.key_id, - krb5_ui_method, - (void*) &ui_data); - UI_destroy_method(krb5_ui_method); - } - - if (id->private_key == NULL) { - krb5_set_error_string(context, - "PKINIT: failed to load private key: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - - ret = X509_check_private_key(sk_X509_value(id->cert, 0), id->private_key); - if (ret != 1) { - ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; - krb5_set_error_string(context, - "PKINIT: The private key doesn't match " - "the public key certificate"); - goto out; - } - - if (user_conf) - free(user_conf); - if (file_conf) - free(file_conf); - - id->engine = e; - - return 0; - - out: - if (user_conf) - free(user_conf); - if (file_conf) - free(file_conf); - if (e) { - ENGINE_finish(e); /* make sure all shared libs are unloaded */ - ENGINE_free(e); - } - - return ret; + return strlen(prompter->reply->data); } krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_load_openssl_id(krb5_context context, - struct krb5_pk_identity **ret_id, - const char *user_id, - const char *x509_anchors, - krb5_prompter_fct prompter, - void *prompter_data, - char *password) +_krb5_pk_load_id(krb5_context context, + struct krb5_pk_identity **ret_id, + const char *user_id, + const char *anchor_id, + char * const *chain, + char * const *revoke, + krb5_prompter_fct prompter, + void *prompter_data, + char *password) { - STACK_OF(X509) *trusted_certs = NULL; struct krb5_pk_identity *id = NULL; - krb5_error_code ret; - struct dirent *file; - char *dirname = NULL; - DIR *dir; - FILE *f; - krb5_error_code (*load_pair)(krb5_context, - char *, - krb5_prompter_fct, - void *, - const char *, - struct krb5_pk_identity *) = NULL; - + hx509_lock lock = NULL; + struct prompter p; + int ret; *ret_id = NULL; - if (x509_anchors == NULL) { - krb5_set_error_string(context, "PKINIT: No root ca directory given"); + if (anchor_id == NULL) { + krb5_set_error_string(context, "PKINIT: No anchor given"); return HEIM_PKINIT_NO_VALID_CA; } if (user_id == NULL) { krb5_set_error_string(context, - "PKINIT: No user X509 source given given"); + "PKINIT: No user certificate given"); return HEIM_PKINIT_NO_PRIVATE_KEY; } - /* - * - */ - - if (strncasecmp(user_id, "FILE:", 5) == 0) { - load_pair = load_openssl_file; - user_id += 5; - } else if (strncasecmp(user_id, "ENGINE:", 7) == 0) { - load_pair = load_openssl_engine; - user_id += 7; - } else { - krb5_set_error_string(context, "PKINIT: user identity not FILE"); - return HEIM_PKINIT_NO_CERTIFICATE; - } - if (strncasecmp(x509_anchors, "OPENSSL-ANCHOR-DIR:", 19) != 0) { - krb5_set_error_string(context, "PKINIT: anchor OPENSSL-ANCHOR-DIR"); - return HEIM_PKINIT_NO_VALID_CA; - } - x509_anchors += 19; + /* load cert */ - id = malloc(sizeof(*id)); + id = calloc(1, sizeof(*id)); if (id == NULL) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } - memset(id, 0, sizeof(*id)); - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - ret = (*load_pair)(context, password, prompter, prompter_data, user_id, id); + ret = hx509_context_init(&id->hx509ctx); if (ret) goto out; - /* load anchors */ + ret = hx509_lock_init(id->hx509ctx, &lock); + if (password) + hx509_lock_add_password(lock, password); - dirname = strdup(x509_anchors); - if (dirname == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } + if (prompter) { + p.context = context; + p.prompter = prompter; + p.prompter_data = prompter_data; - { - size_t len; - len = strlen(dirname); - if (dirname[len - 1] == '/') - dirname[len - 1] = '\0'; + ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p); + if (ret) + goto out; } - /* read ca certificates */ - dir = opendir(dirname); - if (dir == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open directory %s: %s", - dirname, strerror(ret)); + ret = hx509_certs_init(id->hx509ctx, user_id, 0, NULL, &id->certs); + if (ret) goto out; - } - trusted_certs = sk_X509_new_null(); - while ((file = readdir(dir)) != NULL) { - X509 *cert; - char *filename; + ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); + if (ret) + goto out; - /* - * Assume the certificate filenames constist of hashed subject - * name followed by suffix ".0" - */ + ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", + 0, NULL, &id->certpool); + if (ret) + goto out; - if (strlen(file->d_name) == 10 && strcmp(&file->d_name[8],".0") == 0) { - asprintf(&filename, "%s/%s", dirname, file->d_name); - if (filename == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "malloc: out or memory"); - goto out; - } - f = fopen(filename, "r"); - if (f == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open %s: %s", - filename, strerror(ret)); - free(filename); - closedir(dir); - goto out; - } - cert = PEM_read_X509(f, NULL, NULL, NULL); - fclose(f); - if (cert != NULL) { - /* order of the certs is not important */ - sk_X509_push(trusted_certs, cert); - } - free(filename); + while (chain && *chain) { + ret = hx509_certs_append(id->hx509ctx, id->certpool, NULL, *chain); + if (ret) { + krb5_set_error_string(context, + "pkinit failed to load chain %s", + *chain); + goto out; } + chain++; } - closedir(dir); - if (sk_X509_num(trusted_certs) == 0) { - krb5_set_error_string(context, - "PKINIT: No CA certificate(s) found in %s", - dirname); - ret = HEIM_PKINIT_NO_VALID_CA; - goto out; - } + if (revoke) { + ret = hx509_revoke_init(id->hx509ctx, &id->revoke); + if (ret) { + krb5_set_error_string(context, "revoke failed to init"); + goto out; + } - id->trusted_certs = trusted_certs; + while (*revoke) { + ret = hx509_revoke_add_crl(id->hx509ctx, id->revoke, *revoke); + if (ret) { + krb5_set_error_string(context, + "pkinit failed to load revoke %s", + *revoke); + goto out; + } + revoke++; + } + } else + hx509_context_set_missing_revoke(id->hx509ctx, 1); - *ret_id = id; + ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); + if (ret) + goto out; - return 0; + hx509_verify_attach_anchors(id->verify_ctx, id->anchors); + hx509_verify_attach_revoke(id->verify_ctx, id->revoke); - out: - if (dirname) - free(dirname); - if (trusted_certs) - sk_X509_pop_free(trusted_certs, X509_free); - if (id) { - if (id->cert) - sk_X509_pop_free(id->cert, X509_free); - if (id->private_key) - EVP_PKEY_free(id->private_key); +out: + if (ret) { + hx509_verify_destroy_ctx(id->verify_ctx); + hx509_certs_free(&id->certs); + hx509_certs_free(&id->anchors); + hx509_certs_free(&id->certpool); + hx509_revoke_free(&id->revoke); + hx509_context_free(&id->hx509ctx); free(id); - } + } else + *ret_id = id; + + hx509_lock_free(lock); return ret; } @@ -2704,17 +1617,12 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) DH_free(ctx->dh); ctx->dh = NULL; if (ctx->id) { - if (ctx->id->cert) - sk_X509_pop_free(ctx->id->cert, X509_free); - if (ctx->id->trusted_certs) - sk_X509_pop_free(ctx->id->trusted_certs, X509_free); - if (ctx->id->private_key) - EVP_PKEY_free(ctx->id->private_key); - if (ctx->id->engine) { - ENGINE_finish(ctx->id->engine); /* unload shared libs etc */ - ENGINE_free(ctx->id->engine); - ctx->id->engine = NULL; - } + hx509_verify_destroy_ctx(ctx->id->verify_ctx); + hx509_certs_free(&ctx->id->certs); + hx509_certs_free(&ctx->id->anchors); + hx509_certs_free(&ctx->id->certpool); + hx509_context_free(&ctx->id->hx509ctx); + if (ctx->clientDHNonce) { krb5_free_data(NULL, ctx->clientDHNonce); ctx->clientDHNonce = NULL; @@ -2734,6 +1642,8 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_principal principal, const char *user_id, const char *x509_anchors, + char * const * chain, + char * const * revoke, int flags, krb5_prompter_fct prompter, void *prompter_data, @@ -2757,14 +1667,18 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->id = NULL; opt->opt_private->pk_init_ctx->clientDHNonce = NULL; opt->opt_private->pk_init_ctx->require_binding = 0; - - ret = _krb5_pk_load_openssl_id(context, - &opt->opt_private->pk_init_ctx->id, - user_id, - x509_anchors, - prompter, - prompter_data, - password); + opt->opt_private->pk_init_ctx->require_eku = 1; + opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1; + + ret = _krb5_pk_load_id(context, + &opt->opt_private->pk_init_ctx->id, + user_id, + x509_anchors, + chain, + revoke, + prompter, + prompter_data, + password); if (ret) { free(opt->opt_private->pk_init_ctx); opt->opt_private->pk_init_ctx = NULL; diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 6cc49945cc..34086b1fbe 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $"); +RCSID("$Id: principal.c,v 1.94 2006/04/10 10:10:01 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -105,7 +105,7 @@ parse_name(krb5_context context, { krb5_error_code ret; heim_general_string *comp; - heim_general_string realm; + heim_general_string realm = NULL; int ncomp; const char *p; @@ -246,6 +246,7 @@ exit: free(comp[--n]); } free(comp); + free(realm); free(s); return ret; } @@ -825,16 +826,21 @@ krb5_425_conv_principal_ext2(krb5_context context, struct dns_reply *r; r = dns_lookup(instance, "aaaa"); - if (r && r->head && r->head->type == T_AAAA) { - inst = strdup(r->head->domain); + if (r) { + if (r->head && r->head->type == T_AAAA) { + inst = strdup(r->head->domain); + dns_free_data(r); + passed = TRUE; + } dns_free_data(r); - passed = TRUE; } else { r = dns_lookup(instance, "a"); - if(r && r->head && r->head->type == T_A) { - inst = strdup(r->head->domain); + if (r) { + if(r->head && r->head->type == T_A) { + inst = strdup(r->head->domain); + passed = TRUE; + } dns_free_data(r); - passed = TRUE; } } #else diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index d62adadf26..520b3a1418 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c,v 1.26 2005/11/02 08:36:42 lha Exp $"); +RCSID("$Id: rd_cred.c,v 1.28 2006/04/02 02:27:33 lha Exp $"); static krb5_error_code compare_addrs(krb5_context context, @@ -257,8 +257,10 @@ krb5_rd_cred(krb5_context context, ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, &cred.tickets.val[i], &len, ret); - if (ret) + if (ret) { + free(creds); goto out; + } if(creds->ticket.length != len) krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); @@ -302,6 +304,7 @@ krb5_rd_cred(krb5_context context, for(i = 0; (*ret_creds)[i]; i++) krb5_free_creds(context, (*ret_creds)[i]); free(*ret_creds); + *ret_creds = NULL; } return ret; } diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index bf82ad556e..c52ac175fd 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $"); +RCSID("$Id: rd_priv.c,v 1.33 2006/04/12 16:18:10 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -50,8 +50,8 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; - if (outdata) - krb5_data_zero(outdata); + if (outbuf) + krb5_data_zero(outbuf); if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && @@ -161,7 +161,7 @@ krb5_rd_priv(krb5_context context, (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { /* if these fields are not present in the priv-part, silently return zero */ - krb5_data_zero(outdata); + memset(outdata, 0, sizeof(*outdata)); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 313c14f6e6..0d4635b964 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_req.c,v 1.61 2005/11/29 18:22:51 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.63 2006/04/10 10:14:44 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -279,8 +279,10 @@ krb5_verify_authenticator_checksum(krb5_context context, &authenticator); if(ret) return ret; - if(authenticator->cksum == NULL) + if(authenticator->cksum == NULL) { + krb5_free_authenticator(context, &authenticator); return -17; + } ret = krb5_auth_con_getkey(context, ac, &key); if(ret) { krb5_free_authenticator(context, &authenticator); @@ -340,6 +342,9 @@ krb5_verify_ap_req2(krb5_context context, krb5_error_code ret; EtypeList etypes; + if (ticket) + *ticket = NULL; + if (auth_context && *auth_context) { ac = *auth_context; } else { @@ -348,13 +353,12 @@ krb5_verify_ap_req2(krb5_context context, return ret; } - t = malloc(sizeof(*t)); + t = calloc(1, sizeof(*t)); if (t == NULL) { ret = ENOMEM; krb5_clear_error_string (context); goto out; } - memset(t, 0, sizeof(*t)); if (ap_req->ap_options.use_session_key && ac->keyblock){ ret = krb5_decrypt_ticket(context, &ap_req->ticket, @@ -372,14 +376,17 @@ krb5_verify_ap_req2(krb5_context context, if(ret) goto out; - _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, - ap_req->ticket.realm); - _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, - t->ticket.crealm); + ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, + ap_req->ticket.realm); + if (ret) goto out; + ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, + t->ticket.crealm); + if (ret) goto out; /* save key */ - krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + if (ret) goto out; ret = decrypt_authenticator (context, &t->ticket.key, diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index ec99f86c7c..b89f150159 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <vis.h> -RCSID("$Id: replay.c,v 1.10 2004/05/25 21:41:15 lha Exp $"); +RCSID("$Id: replay.c,v 1.12 2006/04/10 17:13:49 lha Exp $"); struct krb5_rcache_data { char *name; @@ -58,6 +58,7 @@ krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, const char *type) { + *id = NULL; if(strcmp(type, "FILE")) { krb5_set_error_string (context, "replay cache type %s not supported", type); @@ -77,6 +78,9 @@ krb5_rc_resolve_full(krb5_context context, const char *string_name) { krb5_error_code ret; + + *id = NULL; + if(strncmp(string_name, "FILE:", 5)) { krb5_set_error_string (context, "replay cache type %s not supported", string_name); @@ -86,6 +90,10 @@ krb5_rc_resolve_full(krb5_context context, if(ret) return ret; ret = krb5_rc_resolve(context, *id, string_name + 5); + if (ret) { + krb5_rc_close(context, *id); + *id = NULL; + } return ret; } diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index d3d21aea3f..0bcafa70a1 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.58 2006/04/02 02:32:03 lha Exp $"); struct send_and_recv { krb5_send_and_recv_func_t func; @@ -231,6 +231,7 @@ send_and_recv_http(int fd, s[rep->length] = 0; p = strstr(s, "\r\n\r\n"); if(p == NULL) { + krb5_data_zero(rep); free(s); return -1; } @@ -238,12 +239,14 @@ send_and_recv_http(int fd, rep->data = s; rep->length -= p - s; if(rep->length < 4) { /* remove length */ + krb5_data_zero(rep); free(s); return -1; } rep->length -= 4; _krb5_get_int(p, &rep_len, 4); if (rep_len != rep->length) { + krb5_data_zero(rep); free(s); return -1; } diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 42667765fb..4a567bb379 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c,v 1.50 2005/06/17 04:36:33 lha Exp $"); +RCSID("$Id: store.c,v 1.51 2006/04/07 22:23:20 lha Exp $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -420,7 +420,7 @@ krb5_ret_principal(krb5_storage *sp, if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) type = KRB5_NT_UNKNOWN; - else if((ret = krb5_ret_int32(sp, &type))){ + else if((ret = krb5_ret_int32(sp, &type))){ free(p); return ret; } @@ -430,18 +430,31 @@ krb5_ret_principal(krb5_storage *sp, } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) ncomp--; + if (ncomp < 0) { + free(p); + return EINVAL; + } p->name.name_type = type; p->name.name_string.len = ncomp; ret = krb5_ret_string(sp, &p->realm); - if(ret) return ret; + if(ret) { + free(p); + return ret; + } p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val)); - if(p->name.name_string.val == NULL){ + if(p->name.name_string.val == NULL && ncomp != 0){ free(p->realm); return ENOMEM; } for(i = 0; i < ncomp; i++){ ret = krb5_ret_string(sp, &p->name.name_string.val[i]); - if(ret) return ret; /* XXX */ + if(ret) { + while (i >= 0) + free(p->name.name_string.val[i--]); + free(p->realm); + free(p); + return ret; + } } *princ = p; return 0; diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 9e24db0da0..7f18b30c88 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.16 2005/06/17 04:53:35 lha Exp $"); +RCSID("$Id: transited.c,v 1.18 2006/04/10 10:26:35 lha Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -100,8 +100,10 @@ make_path(krb5_context context, struct tr_realm *r, p = from + strlen(from); while(1){ while(p >= from && *p != '/') p--; - if(p == from) + if(p == from) { + r->next = path; /* XXX */ return KRB5KDC_ERR_POLICY; + } if(strncmp(to, from, p - from) == 0) break; tmp = calloc(1, sizeof(*tmp)); @@ -166,10 +168,13 @@ expand_realms(krb5_context context, for(r = realms; r; r = r->next){ if(r->trailing_dot){ char *tmp; - size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + size_t len; if(prev_realm == NULL) prev_realm = client_realm; + + len = strlen(r->realm) + strlen(prev_realm) + 1; + tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index c66b06c09f..dd294c8943 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c,v 1.2 2005/04/24 13:44:02 lha Exp $"); +RCSID("$Id: v4_glue.c,v 1.3 2006/04/02 01:39:54 lha Exp $"); #include "krb5-v4compat.h" @@ -155,19 +155,20 @@ write_v4_cc(krb5_context context, const char *tkfile, fd = open(path, O_WRONLY|O_CREAT, 0600); if (fd < 0) { - free(path); + ret = errno; krb5_set_error_string(context, "krb5_krb_tf_setup: error opening file %s", path); - return errno; + free(path); + return ret; } if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { - free(path); - close(fd); krb5_set_error_string(context, "krb5_krb_tf_setup: tktfile %s is not a file", path); + free(path); + close(fd); return KRB5_FCC_PERM; } @@ -178,11 +179,11 @@ write_v4_cc(krb5_context context, const char *tkfile, break; } if (i == KRB5_TF_LCK_RETRY_COUNT) { - free(path); - close(fd); krb5_set_error_string(context, "krb5_krb_tf_setup: failed to lock %s", path); + free(path); + close(fd); return KRB5_FCC_PERM; } @@ -190,11 +191,11 @@ write_v4_cc(krb5_context context, const char *tkfile, ret = ftruncate(fd, 0); if (ret < 0) { flock(fd, LOCK_UN); - free(path); - close(fd); krb5_set_error_string(context, "krb5_krb_tf_setup: failed to truncate %s", path); + free(path); + close(fd); return KRB5_FCC_PERM; } } diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 92438a9963..6a14547c62 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -45,7 +45,7 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $"); +RCSID("$Id: resolve.c,v 1.55 2006/04/14 13:56:00 lha Exp $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -99,6 +99,16 @@ dns_type_to_string(int type) #if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) +static void +dns_free_rr(struct resource_record *rr) +{ + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + free(rr); +} + void ROKEN_LIB_FUNCTION dns_free_data(struct dns_reply *r) { @@ -107,29 +117,30 @@ dns_free_data(struct dns_reply *r) free(r->q.domain); for(rr = r->head; rr;){ struct resource_record *tmp = rr; - if(rr->domain) - free(rr->domain); - if(rr->u.data) - free(rr->u.data); rr = rr->next; - free(tmp); + dns_free_rr(tmp); } free (r); } static int parse_record(const unsigned char *data, const unsigned char *end_data, - const unsigned char **pp, struct resource_record **rr) + const unsigned char **pp, struct resource_record **ret_rr) { + struct resource_record *rr; int type, class, ttl, size; int status; char host[MAXDNAME]; const unsigned char *p = *pp; + + *ret_rr = NULL; + status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0) return -1; if (p + status + 10 > end_data) return -1; + p += status; type = (p[0] << 8) | p[1]; p += 2; @@ -143,30 +154,30 @@ parse_record(const unsigned char *data, const unsigned char *end_data, if (p + size > end_data) return -1; - *rr = calloc(1, sizeof(**rr)); - if(*rr == NULL) + rr = calloc(1, sizeof(*rr)); + if(rr == NULL) return -1; - (*rr)->domain = strdup(host); - if((*rr)->domain == NULL) { - free(*rr); + rr->domain = strdup(host); + if(rr->domain == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->type = type; - (*rr)->class = class; - (*rr)->ttl = ttl; - (*rr)->size = size; + rr->type = type; + rr->class = class; + rr->ttl = ttl; + rr->size = size; switch(type){ case rk_ns_t_ns: case rk_ns_t_cname: case rk_ns_t_ptr: status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0) { - free(*rr); + dns_free_rr(rr); return -1; } - (*rr)->u.txt = strdup(host); - if((*rr)->u.txt == NULL) { - free(*rr); + rr->u.txt = strdup(host); + if(rr->u.txt == NULL) { + dns_free_rr(rr); return -1; } break; @@ -176,101 +187,101 @@ parse_record(const unsigned char *data, const unsigned char *end_data, status = dn_expand(data, end_data, p + 2, host, sizeof(host)); if(status < 0){ - free(*rr); + dns_free_rr(rr); return -1; } if (status + 2 > size) { - free(*rr); + dns_free_rr(rr); return -1; } hostlen = strlen(host); - (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + hostlen); - if((*rr)->u.mx == NULL) { - free(*rr); + if(rr->u.mx == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.mx->preference = (p[0] << 8) | p[1]; - strlcpy((*rr)->u.mx->domain, host, hostlen + 1); + rr->u.mx->preference = (p[0] << 8) | p[1]; + strlcpy(rr->u.mx->domain, host, hostlen + 1); break; } case rk_ns_t_srv:{ size_t hostlen; status = dn_expand(data, end_data, p + 6, host, sizeof(host)); if(status < 0){ - free(*rr); + dns_free_rr(rr); return -1; } if (status + 6 > size) { - free(*rr); + dns_free_rr(rr); return -1; } hostlen = strlen(host); - (*rr)->u.srv = + rr->u.srv = (struct srv_record*)malloc(sizeof(struct srv_record) + hostlen); - if((*rr)->u.srv == NULL) { - free(*rr); + if(rr->u.srv == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.srv->priority = (p[0] << 8) | p[1]; - (*rr)->u.srv->weight = (p[2] << 8) | p[3]; - (*rr)->u.srv->port = (p[4] << 8) | p[5]; - strlcpy((*rr)->u.srv->target, host, hostlen + 1); + rr->u.srv->priority = (p[0] << 8) | p[1]; + rr->u.srv->weight = (p[2] << 8) | p[3]; + rr->u.srv->port = (p[4] << 8) | p[5]; + strlcpy(rr->u.srv->target, host, hostlen + 1); break; } case rk_ns_t_txt:{ if(size == 0 || size < *p + 1) { - free(*rr); + dns_free_rr(rr); return -1; } - (*rr)->u.txt = (char*)malloc(*p + 1); - if((*rr)->u.txt == NULL) { - free(*rr); + rr->u.txt = (char*)malloc(*p + 1); + if(rr->u.txt == NULL) { + dns_free_rr(rr); return -1; } - strncpy((*rr)->u.txt, (const char*)(p + 1), *p); - (*rr)->u.txt[*p] = '\0'; + strncpy(rr->u.txt, (const char*)(p + 1), *p); + rr->u.txt[*p] = '\0'; break; } case rk_ns_t_key : { size_t key_len; if (size < 4) { - free(*rr); + dns_free_rr(rr); return -1; } key_len = size - 4; - (*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1); - if ((*rr)->u.key == NULL) { - free(*rr); + rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1); + if (rr->u.key == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.key->flags = (p[0] << 8) | p[1]; - (*rr)->u.key->protocol = p[2]; - (*rr)->u.key->algorithm = p[3]; - (*rr)->u.key->key_len = key_len; - memcpy ((*rr)->u.key->key_data, p + 4, key_len); + rr->u.key->flags = (p[0] << 8) | p[1]; + rr->u.key->protocol = p[2]; + rr->u.key->algorithm = p[3]; + rr->u.key->key_len = key_len; + memcpy (rr->u.key->key_data, p + 4, key_len); break; } case rk_ns_t_sig : { size_t sig_len, hostlen; if(size <= 18) { - free(*rr); + dns_free_rr(rr); return -1; } status = dn_expand (data, end_data, p + 18, host, sizeof(host)); if (status < 0) { - free(*rr); + dns_free_rr(rr); return -1; } if (status + 18 > size) { - free(*rr); + dns_free_rr(rr); return -1; } @@ -281,26 +292,26 @@ parse_record(const unsigned char *data, const unsigned char *end_data, */ sig_len = size - 18 - status; hostlen = strlen(host); - (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig) + rr->u.sig = malloc(sizeof(*rr->u.sig) + hostlen + sig_len); - if ((*rr)->u.sig == NULL) { - free(*rr); + if (rr->u.sig == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.sig->type = (p[0] << 8) | p[1]; - (*rr)->u.sig->algorithm = p[2]; - (*rr)->u.sig->labels = p[3]; - (*rr)->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) + rr->u.sig->type = (p[0] << 8) | p[1]; + rr->u.sig->algorithm = p[2]; + rr->u.sig->labels = p[3]; + rr->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]; - (*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) + rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) | (p[10] << 8) | p[11]; - (*rr)->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) + rr->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) | (p[14] << 8) | p[15]; - (*rr)->u.sig->key_tag = (p[16] << 8) | p[17]; - (*rr)->u.sig->sig_len = sig_len; - memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len); - (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len]; - strlcpy((*rr)->u.sig->signer, host, hostlen + 1); + rr->u.sig->key_tag = (p[16] << 8) | p[17]; + rr->u.sig->sig_len = sig_len; + memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len); + rr->u.sig->signer = &rr->u.sig->sig_data[sig_len]; + strlcpy(rr->u.sig->signer, host, hostlen + 1); break; } @@ -308,78 +319,81 @@ parse_record(const unsigned char *data, const unsigned char *end_data, size_t cert_len; if (size < 5) { - free(*rr); + dns_free_rr(rr); return -1; } cert_len = size - 5; - (*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1); - if ((*rr)->u.cert == NULL) { - free(*rr); + rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1); + if (rr->u.cert == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.cert->type = (p[0] << 8) | p[1]; - (*rr)->u.cert->tag = (p[2] << 8) | p[3]; - (*rr)->u.cert->algorithm = p[4]; - (*rr)->u.cert->cert_len = cert_len; - memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len); + rr->u.cert->type = (p[0] << 8) | p[1]; + rr->u.cert->tag = (p[2] << 8) | p[3]; + rr->u.cert->algorithm = p[4]; + rr->u.cert->cert_len = cert_len; + memcpy (rr->u.cert->cert_data, p + 5, cert_len); break; } case rk_ns_t_sshfp : { size_t sshfp_len; if (size < 2) { - free(*rr); + dns_free_rr(rr); return -1; } sshfp_len = size - 2; - (*rr)->u.sshfp = malloc (sizeof(*(*rr)->u.sshfp) + sshfp_len - 1); - if ((*rr)->u.sshfp == NULL) { - free(*rr); + rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1); + if (rr->u.sshfp == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.sshfp->algorithm = p[0]; - (*rr)->u.sshfp->type = p[1]; - (*rr)->u.sshfp->sshfp_len = sshfp_len; - memcpy ((*rr)->u.sshfp->sshfp_data, p + 2, sshfp_len); + rr->u.sshfp->algorithm = p[0]; + rr->u.sshfp->type = p[1]; + rr->u.sshfp->sshfp_len = sshfp_len; + memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len); break; } case rk_ns_t_ds: { size_t digest_len; if (size < 4) { - free(*rr); + dns_free_rr(rr); return -1; } digest_len = size - 4; - (*rr)->u.ds = malloc (sizeof(*(*rr)->u.ds) + digest_len - 1); - if ((*rr)->u.ds == NULL) { - free(*rr); + rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1); + if (rr->u.ds == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.ds->key_tag = (p[0] << 8) | p[1]; - (*rr)->u.ds->algorithm = p[2]; - (*rr)->u.ds->digest_type = p[3]; - (*rr)->u.ds->digest_len = digest_len; - memcpy ((*rr)->u.ds->digest_data, p + 4, digest_len); + rr->u.ds->key_tag = (p[0] << 8) | p[1]; + rr->u.ds->algorithm = p[2]; + rr->u.ds->digest_type = p[3]; + rr->u.ds->digest_len = digest_len; + memcpy (rr->u.ds->digest_data, p + 4, digest_len); break; } default: - (*rr)->u.data = (unsigned char*)malloc(size); - if(size != 0 && (*rr)->u.data == NULL) { - free(*rr); + rr->u.data = (unsigned char*)malloc(size); + if(size != 0 && rr->u.data == NULL) { + dns_free_rr(rr); return -1; } - memcpy((*rr)->u.data, p, size); + if (size) + memcpy(rr->u.data, p, size); } *pp = p + size; + *ret_rr = rr; + return 0; } @@ -633,8 +647,7 @@ dns_srv_order(struct dns_reply *r) /* find the last record with the same priority and count the sum of all weights */ for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) { - if(*tt == NULL) - continue; + assert(*tt != NULL); if((*tt)->u.srv->priority != (*ss)->u.srv->priority) break; sum += (*tt)->u.srv->weight; diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c index 2df3f83e36..8f200dfe10 100644 --- a/source4/heimdal/lib/roken/roken_gethostby.c +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: roken_gethostby.c,v 1.7 2005/04/12 11:29:03 lha Exp $"); +RCSID("$Id: roken_gethostby.c,v 1.8 2006/04/02 00:09:28 lha Exp $"); #endif #include <roken.h> @@ -186,7 +186,7 @@ roken_gethostby(const char *hostname) #define MAX_ADDRS 16 static struct hostent he; static char addrs[4 * MAX_ADDRS]; - static char *addr_list[MAX_ADDRS]; + static char *addr_list[MAX_ADDRS + 1]; int num_addrs = 0; he.h_name = p; diff --git a/source4/heimdal_build/config.mk b/source4/heimdal_build/config.mk index eb68acc4eb..88c88274a6 100644 --- a/source4/heimdal_build/config.mk +++ b/source4/heimdal_build/config.mk @@ -280,6 +280,7 @@ OBJ_FILES = \ ../heimdal/lib/des/rijndael-alg-fst.o \ ../heimdal/lib/des/rnd_keys.o \ ../heimdal/lib/des/sha.o \ + ../heimdal/lib/des/sha256.o \ ../heimdal/lib/des/ui.o \ ../heimdal/lib/des/evp.o \ ../heimdal/lib/des/pkcs5.o \ |