diff options
author | Theodore Tso <tytso@mit.edu> | 1996-12-13 19:28:16 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1996-12-13 19:28:16 +0000 |
commit | e73566996463fb1947cf80ad2e11fadce3dc0b66 (patch) | |
tree | 4c75494b8a5a0e1169c37bcac34cc0aeccda7de2 /src/lib | |
parent | 20b3f46e04d4d0104dc971d22793011f20f2e51c (diff) | |
download | krb5-e73566996463fb1947cf80ad2e11fadce3dc0b66.tar.gz krb5-e73566996463fb1947cf80ad2e11fadce3dc0b66.tar.xz krb5-e73566996463fb1947cf80ad2e11fadce3dc0b66.zip |
Merge V1_0_FREEZE_3 into the mainline. (Note this merge does *not*
include the doc subtree!!)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9632 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
44 files changed, 422 insertions, 114 deletions
diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index c7e7fb6b1..791ed2b99 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,15 @@ +Sat Nov 23 00:25:25 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * libkrb5.def: Renamed to krb5_16.def [PR#204] + + * Makefile.in (all-windows): Change name of dll from krb5_16.dll, + which will be the final name of the DLL. [PR#204] + +Wed Nov 20 18:28:47 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * Makefile.in (clean-windows): Change the name of the Windows (16) + dll to be krb516.dll, instead of libkrb5.dll + Fri Jul 12 20:32:29 1996 Theodore Y. Ts'o <tytso@mit.edu> * win_glue.c: Added TIMEBOMB_INFO string which tells the user the diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index f0eaef89f..b8cd3980a 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -19,10 +19,10 @@ clean-unix:: $(RM) $(CLEANLIBS) clean-windows:: - $(RM) libkrb5.dll libkrb5.lib libkrb5.bak libkrb5.map winsock.lib + $(RM) krb5_16.dll krb5_16.lib krb5_16.bak krb5_16.map winsock.lib $(RM) gssapi.dll gssapi.lib gssapi.bak gssapi.map # -# Windows stuff to make libkrb5.dll and libkrb5.lib. Currently it +# Windows stuff to make krb5_16.dll and krb5_16.lib. Currently it # combines crypto, krb5, kadm and the util/et directories. # ALIB = kadm\kadm.lib @@ -34,7 +34,7 @@ PLIB = $(BUILDTOP)\util\profile\profile.lib WLIB = .\winsock.lib LIBS = $(ALIB) $(CLIB) $(KLIB) $(GLIB) $(ETLIB) $(PLIB) $(WLIB) -lib-windows: winsock.lib libkrb5.lib gssapi.lib +lib-windows: winsock.lib krb5_16.lib gssapi.lib gssapi.lib:: gssapi.dll implib /nologo gssapi.lib gssapi.dll @@ -44,13 +44,13 @@ gssapi.dll:: $(GLIB) $(LIBS) gssapi.def win_glue.obj $(LIBS) ldllcew libw oldnames, gssapi.def rc /nologo /p /k gssapi.dll -libkrb5.lib:: libkrb5.dll - implib /nologo libkrb5.lib libkrb5.dll +krb5_16.lib:: krb5_16.dll + implib /nologo krb5_16.lib krb5_16.dll -libkrb5.dll:: $(LIBS) libkrb5.def win_glue.obj - link /co /seg:400 /noe /nod /nol win_glue, libkrb5.dll, libkrb5.map, \ - $(LIBS) ldllcew libw oldnames, libkrb5.def - rc /nologo /p /k libkrb5.dll +krb5_16.dll:: $(LIBS) krb5_16.def win_glue.obj + link /co /seg:400 /noe /nod /nol win_glue, krb5_16.dll, krb5_16.map, \ + $(LIBS) ldllcew libw oldnames, krb5_16.def + rc /nologo /p /k krb5_16.dll sap_glue.obj: win_glue.c $(CC) $(CFLAGS) -DSAP_TIMEBOMB -I$(VERS_DIR) /c \ @@ -83,7 +83,7 @@ all-windows:: @echo Making in lib cd .. -all-windows:: libkrb5.lib gssapi.lib +all-windows:: krb5_16.lib gssapi.lib clean-windows:: @echo Making clean in lib\crypto diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 680319932..ecdb1d41e 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,17 @@ +Sat Nov 23 00:22:20 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * cryptoconf.c: Also zero out the entries in cryptoconf, to make + sure no one tries to use triple DES and SHA. + +Fri Nov 22 20:49:13 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * configure.in (enableval): Disable triple DES and SHA, since + what's there isn't the final triple DES. [PR#231] + +Mon Nov 18 20:38:24 1996 Ezra Peisach <epeisach@mit.edu> + [krb5-libs/201] + * configure.in: Set shared library version to 1.0. + Thu Jun 6 00:04:38 1996 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in (all-windows): Don't pass $(LIBCMD) on the command diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in index 9e0451004..53f9fcc39 100644 --- a/src/lib/crypto/configure.in +++ b/src/lib/crypto/configure.in @@ -19,17 +19,17 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling DES_CBC_MD5) fi -AC_ARG_ENABLE([des3-cbc-sha], -[ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT). - --disable-des3-cbc-sha disable DES3_CBC_SHA.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling DES3_CBC_SHA) - AC_DEFINE(PROVIDE_DES3_CBC_SHA) -else - AC_MSG_RESULT(Disabling DES3_CBC_SHA) -fi +dnl AC_ARG_ENABLE([des3-cbc-sha], +dnl [ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT). +dnl --disable-des3-cbc-sha disable DES3_CBC_SHA.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling DES3_CBC_SHA) +dnl AC_DEFINE(PROVIDE_DES3_CBC_SHA) +dnl else +dnl AC_MSG_RESULT(Disabling DES3_CBC_SHA) +dnl fi AC_ARG_WITH([des-cbc-crc], [ --enable-des-cbc-crc enable DES_CBC_CRC (DEFAULT). --disable-des-cbc-crc disable DES_CBC_CRC.], @@ -52,17 +52,17 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling DES_CBC_RAW) fi -AC_ARG_WITH([des3-cbc-raw], -[ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT). - --disable-des3-cbc-raw disable DES3_CBC_RAW.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling DES3_CBC_RAW) - AC_DEFINE(PROVIDE_DES3_CBC_RAW) -else - AC_MSG_RESULT(Disabling DES3_CBC_RAW) -fi +dnl AC_ARG_WITH([des3-cbc-raw], +dnl [ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT). +dnl --disable-des3-cbc-raw disable DES3_CBC_RAW.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling DES3_CBC_RAW) +dnl AC_DEFINE(PROVIDE_DES3_CBC_RAW) +dnl else +dnl AC_MSG_RESULT(Disabling DES3_CBC_RAW) +dnl fi AC_ARG_WITH([des-cbc-cksum], [ --enable-des-cbc-cksum enable DES_CBC_CKSUM (DEFAULT). --disable-des-cbc-cksum disable DES_CBC_CKSUM.], @@ -107,20 +107,20 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling RSA_MD5) fi -AC_ARG_WITH([nist-sha], -[ --enable-nist-sha enable NIST_SHA (DEFAULT). - --disable-nist-sha disable NIST_SHA.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling NIST_SHA) - AC_DEFINE(PROVIDE_NIST_SHA) -else - AC_MSG_RESULT(Disabling NIST_SHA) -fi +dnl AC_ARG_WITH([nist-sha], +dnl [ --enable-nist-sha enable NIST_SHA (DEFAULT). +dnl --disable-nist-sha disable NIST_SHA.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling NIST_SHA) +dnl AC_DEFINE(PROVIDE_NIST_SHA) +dnl else +dnl AC_MSG_RESULT(Disabling NIST_SHA) +dnl fi V5_SHARED_LIB_OBJS SubdirLibraryRule([${OBJS}]) DO_SUBDIRS -V5_MAKE_SHARED_LIB(libcrypto,0.1,.., ./crypto) +V5_MAKE_SHARED_LIB(libcrypto,1.0,.., ./crypto) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c index 768c6cf3c..62be74581 100644 --- a/src/lib/crypto/cryptoconf.c +++ b/src/lib/crypto/cryptoconf.c @@ -53,8 +53,10 @@ #ifdef PROVIDE_NIST_SHA #include "shs.h" -#define SHA_CKENTRY &nist_sha_cksumtable_entry -#define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry +/* #define SHA_CKENTRY &nist_sha_cksumtable_entry */ +/* #define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry */ +#define SHA_CKENTRY 0 +#define HMAC_SHA_CKENTRY 0 #else #define SHA_CKENTRY 0 #define HMAC_SHA_CKENTRY 0 @@ -109,7 +111,11 @@ #include "des_int.h" #define _DES_DONE__ #endif -#define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry +/* Don't try to enable triple DES unless you know what you are doing; */ +/* the current implementation of triple DES is NOT the final and */ +/* correct implementation.!!! */ +/* #define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry */ +#define DES3_CBC_SHA_CSENTRY 0 #else #define DES3_CBC_SHA_CSENTRY 0 #endif @@ -119,7 +125,8 @@ #include "des_int.h" #define _DES_DONE__ #endif -#define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry +/* #define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry */ +#define DES3_CBC_RAW_CSENTRY 0 #else #define DES3_CBC_RAW_CSENTRY 0 #endif diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index c0c8faa43..8b1457e07 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:39:02 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Aug 7 12:50:36 1996 Ezra Peisach <epeisach@mit.edu> * new_rnd_key.c (des_set_sequence_number): Change cast to diff --git a/src/lib/des425/configure.in b/src/lib/des425/configure.in index 08126b06c..07072c9f2 100644 --- a/src/lib/des425/configure.in +++ b/src/lib/des425/configure.in @@ -29,5 +29,5 @@ AC_SUBST(CRYPTO_SH_VERS) KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5 AC_SUBST(KRB5_SH_VERS) KRB5_RUN_FLAGS -V5_MAKE_SHARED_LIB(libdes425,0.1,.., ./des425) +V5_MAKE_SHARED_LIB(libdes425,1.0,.., ./des425) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/gssapi/ChangeLog b/src/lib/gssapi/ChangeLog index 505b5d355..b29cc371b 100644 --- a/src/lib/gssapi/ChangeLog +++ b/src/lib/gssapi/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:39:41 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Tue Jul 23 22:50:22 1996 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in (MAC_SUBDIRS): Remove mechglue from the list of diff --git a/src/lib/gssapi/configure.in b/src/lib/gssapi/configure.in index 164582c64..f2bb70429 100644 --- a/src/lib/gssapi/configure.in +++ b/src/lib/gssapi/configure.in @@ -7,7 +7,7 @@ AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL DO_SUBDIRS -V5_MAKE_SHARED_LIB(libgssapi_krb5,0.1,.., ./gssapi) +V5_MAKE_SHARED_LIB(libgssapi_krb5,1.0,.., ./gssapi) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index 993470825..30fd1c3c2 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,12 @@ +Wed Nov 20 13:59:58 1996 Ezra Peisach <epeisach@mit.edu> + + * Makefile.in (install): Install gssapi.h from the build tree. + +Tue Nov 19 16:43:16 1996 Tom Yu <tlyu@mit.edu> + + * Makefile.in (gssapi.h): grep USE_.*_H out from autoconf.h as + well (some stuff was depending on USE_STRING_H). + Mon Nov 18 12:38:34 1996 Tom Yu <tlyu@mit.edu> *gssapi.h: Renamed to gssapi.hin. diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in index 1e1aa7ebb..87b414f47 100644 --- a/src/lib/gssapi/generic/Makefile.in +++ b/src/lib/gssapi/generic/Makefile.in @@ -37,6 +37,7 @@ gssapi.h: gssapi.hin echo "/* It contains some choice pieces of autoconf.h */" >> $@ grep SIZEOF $(BUILDTOP)/include/krb5/autoconf.h >> $@ grep 'HAVE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@ + grep 'USE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@ echo "/* End of gssapi.h prologue. */" cat $(srcdir)/gssapi.hin >> $@ @@ -84,7 +85,8 @@ OBJS = \ $(OBJS): $(HDRS) $(ETHDRS) -EXPORTED_HEADERS= gssapi.h gssapi_generic.h +EXPORTED_HEADERS= gssapi_generic.h +EXPORTED_BUILT_HEADERS= gssapi.h all-unix:: shared $(SRCS) $(ETHDRS) $(OBJS) @@ -116,5 +118,9 @@ install:: do $(INSTALL_DATA) $(srcdir)/$$f \ $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \ done + @set -x; for f in $(EXPORTED_BUILT_HEADERS) ; \ + do $(INSTALL_DATA) $$f \ + $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \ + done depend:: $(ETSRCS) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index e1c1d9849..8f9ac2c0d 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -4,6 +4,30 @@ Wed Dec 4 13:06:13 1996 Barry Jaspan <bjaspan@mit.edu> instead of scanning through keytab to find matching principal [krb5-libs/210] +Wed Nov 20 19:55:29 1996 Marc Horowitz <marc@cygnus.com> + + * init_sec_context.c (make_ap_rep, krb5_gss_init_sec_context), + accept_sec_context.c (krb5_gss_accept_sec_context): fix up use of + gss flags. under some circumstances, the context would not have + checked for replay or sequencing, even if those features were + requested. + + * init_sec_context.c (make_ap_req), (krb5_gss_init_sec_context): + If delegation is requested, but forwarding the credentials fails, + instead of aborting the context setup, just don't forward + credentials. + + * gssapiP_krb5.h (krb5_gss_ctx_id_t), ser_sctx.c + (kg_ctx_externalize, kg_ctx_internalize), init_sec_context.c + (krb5_gss_init_sec_context), get_tkt_flags.c + (gss_krb5_get_tkt_flags), accept_sec_context.c + (krb5_gss_accept_sec_context): rename ctx->flags to + ctx->krb_flags, to disambiguate it from ctx->gss_flags + + * accept_sec_context.c (krb5_gss_accept_sec_context): If the subkey + isn't present in the authenticator, then use the session key + instead. + Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o <tytso@mit.edu> * ser_sctx.c (kg_oid_externalize, kg_oid_internalize, diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 234606921..158983557 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -384,8 +384,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, ctx->mech_used = mech_used; ctx->auth_context = auth_context; ctx->initiate = 0; - ctx->gss_flags = GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | - (gss_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)); + ctx->gss_flags = KG_IMPLFLAGS(gss_flags); ctx->seed_init = 0; ctx->big_endian = bigend; @@ -417,6 +416,29 @@ krb5_gss_accept_sec_context(minor_status, context_handle, return(GSS_S_FAILURE); } + /* use the session key if the subkey isn't present */ + + if (ctx->subkey == NULL) { + if ((code = krb5_auth_con_getkey(context, auth_context, + &ctx->subkey))) { + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); + xfree(ctx); + *minor_status = code; + return(GSS_S_FAILURE); + } + } + + if (ctx->subkey == NULL) { + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); + xfree(ctx); + /* this isn't a very good error, but it's not clear to me this + can actually happen */ + *minor_status = KRB5KDC_ERR_NULL_KEY; + return(GSS_S_FAILURE); + } + switch(ctx->subkey->enctype) { case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES_CBC_CRC: @@ -464,7 +486,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } ctx->endtime = ticket->enc_part2->times.endtime; - ctx->flags = ticket->enc_part2->flags; + ctx->krb_flags = ticket->enc_part2->flags; krb5_free_ticket(context, ticket); /* Done with ticket */ @@ -487,8 +509,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } g_order_init(&(ctx->seqstate), ctx->seq_recv, - (gss_flags & GSS_C_REPLAY_FLAG) != 0, - (gss_flags & GSS_C_SEQUENCE_FLAG) != 0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0); /* at this point, the entire context structure is filled in, so it can be released. */ @@ -545,7 +567,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, *time_rec = ctx->endtime - now; if (ret_flags) - *ret_flags = KG_IMPLFLAGS(gss_flags); + *ret_flags = ctx->gss_flags; ctx->established = 1; diff --git a/src/lib/gssapi/krb5/get_tkt_flags.c b/src/lib/gssapi/krb5/get_tkt_flags.c index 5dd91064f..eebf06d81 100644 --- a/src/lib/gssapi/krb5/get_tkt_flags.c +++ b/src/lib/gssapi/krb5/get_tkt_flags.c @@ -48,7 +48,7 @@ gss_krb5_get_tkt_flags(minor_status, context_handle, ticket_flags) } if (ticket_flags) - *ticket_flags = ctx->flags; + *ticket_flags = ctx->krb_flags; *minor_status = 0; return(GSS_S_COMPLETE); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index ee327baf6..97f2d51d5 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -113,7 +113,7 @@ typedef struct _krb5_gss_ctx_id_rec { krb5_gss_enc_desc enc; krb5_gss_enc_desc seq; krb5_timestamp endtime; - krb5_flags flags; + krb5_flags krb_flags; krb5_int32 seq_send; krb5_int32 seq_recv; void *seqstate; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 690d5af2b..3b8935fff 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -30,15 +30,15 @@ static krb5_error_code make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, - req_flags, flags, mech_type, token) + req_flags, krb_flags, mech_type, token) krb5_context context; krb5_auth_context * auth_context; krb5_gss_cred_id_t cred; krb5_principal server; krb5_timestamp *endtime; gss_channel_bindings_t chan_bindings; - OM_uint32 req_flags; - krb5_flags *flags; + OM_uint32 *req_flags; + krb5_flags *krb_flags; gss_OID mech_type; gss_buffer_t token; { @@ -74,8 +74,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, /* build the checksum field */ - if(*flags && GSS_C_DELEG_FLAG) { - + if (*req_flags & GSS_C_DELEG_FLAG) { /* first get KRB_CRED message, so we know its length */ /* clear the time check flag that was set in krb5_auth_con_init() */ @@ -83,20 +82,27 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, krb5_auth_con_setflags(context, *auth_context, con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); - if ((code = krb5_fwd_tgt_creds(context, *auth_context, 0, + code = krb5_fwd_tgt_creds(context, *auth_context, 0, cred->princ, server, cred->ccache, 1, - &credmsg))) - return(code); + &credmsg); /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */ krb5_auth_con_setflags(context, *auth_context, con_flags); - if(credmsg.length+28 > KRB5_INT16_MAX) { - krb5_xfree(credmsg.data); - return(KRB5KRB_ERR_FIELD_TOOLONG); - } + if (code) { + /* don't fail here; just don't accept/do the delegation + request */ + *req_flags &= ~GSS_C_DELEG_FLAG; - checksum_data.length = 28+credmsg.length; + checksum_data.length = 24; + } else { + if (credmsg.length+28 > KRB5_INT16_MAX) { + krb5_xfree(credmsg.data); + return(KRB5KRB_ERR_FIELD_TOOLONG); + } + + checksum_data.length = 28+credmsg.length; + } } else { checksum_data.length = 24; } @@ -115,7 +121,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, TWRITE_INT(ptr, md5.length, 0); TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length); - TWRITE_INT(ptr, KG_IMPLFLAGS(req_flags), 0); + TWRITE_INT(ptr, *req_flags, 0); /* done with this, free it */ xfree(md5.contents); @@ -151,7 +157,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, mk_req_flags = AP_OPTS_USE_SUBKEY; - if (req_flags & GSS_C_MUTUAL_FLAG) + if (*req_flags & GSS_C_MUTUAL_FLAG) mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED; if ((code = krb5_mk_req_extended(context, auth_context, mk_req_flags, @@ -160,7 +166,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, /* store the interesting stuff from creds and authent */ *endtime = out_creds->times.endtime; - *flags = out_creds->ticket_flags; + *krb_flags = out_creds->ticket_flags; /* build up the token */ @@ -264,15 +270,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, err = 0; if (mech_type == GSS_C_NULL_OID) { - mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; - } else if (g_OID_equal(mech_type, gss_mech_krb5)) { - if (!cred->rfc_mech) - err = 1; - } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { - if (!cred->prerfc_mech) - err = 1; - } else - err = 1; + mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; + } else if (g_OID_equal(mech_type, gss_mech_krb5)) { + if (!cred->rfc_mech) + err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { + if (!cred->prerfc_mech) + err = 1; + } else + err = 1; if (err) { *minor_status = 0; @@ -318,9 +324,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->mech_used = mech_type; ctx->auth_context = NULL; ctx->initiate = 1; - ctx->gss_flags = ((req_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)) | - GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG); - ctx->flags = req_flags & GSS_C_DELEG_FLAG; + ctx->gss_flags = KG_IMPLFLAGS(req_flags); ctx->seed_init = 0; ctx->big_endian = 0; /* all initiators do little-endian, as per spec */ ctx->seqstate = 0; @@ -352,7 +356,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((code = make_ap_req(context, &(ctx->auth_context), cred, ctx->there, &ctx->endtime, input_chan_bindings, - req_flags, &ctx->flags, mech_type, &token))) { + &ctx->gss_flags, &ctx->krb_flags, mech_type, + &token))) { krb5_free_principal(context, ctx->here); krb5_free_principal(context, ctx->there); xfree(ctx); @@ -438,7 +443,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, *output_token = token; if (ret_flags) - *ret_flags = KG_IMPLFLAGS(req_flags); + *ret_flags = ctx->gss_flags; if (actual_mech_type) *actual_mech_type = mech_type; @@ -452,8 +457,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, } else { ctx->seq_recv = ctx->seq_send; g_order_init(&(ctx->seqstate), ctx->seq_recv, - (req_flags & GSS_C_REPLAY_FLAG) != 0, - (req_flags & GSS_C_SEQUENCE_FLAG) != 0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0); ctx->established = 1; /* fall through to GSS_S_COMPLETE */ } @@ -477,7 +482,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((ctx->established) || (((gss_cred_id_t) cred) != claimant_cred_handle) || - ((req_flags & GSS_C_MUTUAL_FLAG) == 0)) { + ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) { (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); /* XXX this minor status is wrong if an arg was changed */ @@ -534,8 +539,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* store away the sequence number */ ctx->seq_recv = ap_rep_data->seq_number; g_order_init(&(ctx->seqstate), ctx->seq_recv, - (req_flags & GSS_C_REPLAY_FLAG) != 0, - (req_flags & GSS_C_SEQUENCE_FLAG) !=0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0); /* free the ap_rep_data */ krb5_free_ap_rep_enc_part(context, ap_rep_data); diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index 259cce5b8..22b5c367c 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -515,7 +515,7 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime, &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->flags, + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->seq_send, &bp, &remain); @@ -632,7 +632,7 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->endtime = (krb5_timestamp) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->flags = (krb5_flags) ibuf; + ctx->krb_flags = (krb5_flags) ibuf; (void) krb5_ser_unpack_int32(&ctx->seq_send, &bp, &remain); (void) krb5_ser_unpack_int32(&ctx->seq_recv, &bp, &remain); (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); diff --git a/src/lib/gssapi/mechglue/ChangeLog b/src/lib/gssapi/mechglue/ChangeLog index 97558b1a2..9f8fb1bc4 100644 --- a/src/lib/gssapi/mechglue/ChangeLog +++ b/src/lib/gssapi/mechglue/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:43:54 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Shared library version number to 1.0. [krb5-libs/201] + Wed Jun 12 00:50:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Remove include of config/windows.in; that's done diff --git a/src/lib/gssapi/mechglue/configure.in b/src/lib/gssapi/mechglue/configure.in index 73cf30efd..bd9b4db21 100644 --- a/src/lib/gssapi/mechglue/configure.in +++ b/src/lib/gssapi/mechglue/configure.in @@ -13,7 +13,7 @@ case $host in *-*-aix*) # don't build libgssapi.a on AIX ;; *) - V5_MAKE_SHARED_LIB(libgssapi,0.1,.., ./mechglue) + V5_MAKE_SHARED_LIB(libgssapi,1.0,.., ./mechglue) AppendRule([install:: libgssapi.[$](LIBEXT) [$](INSTALL_DATA) libgssapi.[$](LIBEXT) [$](DESTDIR)[$](KRB5_LIBDIR)[$](S)libgssapi.[$](LIBEXT)]) LinkFileDir([$](TOPLIBD)/libgssapi.[$](LIBEXT),libgssapi.[$](LIBEXT),./gssapi/mechglue) diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index d9c5b76bd..0a65eff00 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -9,6 +9,18 @@ Fri Nov 22 11:11:34 1996 Sam Hartman <hartmans@mit.edu> * Makefile.in (SHLIB_LIBS): Do not link shared against -ldb [224] +Tue Nov 26 03:04:04 1996 Sam Hartman <hartmans@mit.edu> + + * server_acl.c (acl_load_acl_file): Fix coredump by allowing + catchall_entry to be null, but do not reference it if it is. + Thanks to marc. [242] + +Mon Nov 25 17:53:20 1996 Barry Jaspan <bjaspan@mit.edu> + + * server_acl.c: set acl_catchall_entry to "" instead of NULL, + since it is presumed to contain something, but we don't want any + default entry [krb5-admin/237] + Wed Nov 13 19:20:36 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean-unix): Remove shared/*. diff --git a/src/lib/kadm5/unit-test/ChangeLog b/src/lib/kadm5/unit-test/ChangeLog index 0f95d8138..2fe5fb96d 100644 --- a/src/lib/kadm5/unit-test/ChangeLog +++ b/src/lib/kadm5/unit-test/ChangeLog @@ -3,6 +3,10 @@ Mon Dec 9 15:57:55 1996 Barry Jaspan <bjaspan@mit.edu> * api.0/init.exp, api.2/init.exp: use spawn/expect instead of exec so tests don't fail when kadmin.local produces output +Wed Nov 20 15:59:34 1996 Barry Jaspan <bjaspan@mit.edu> + + * Makefile.in (check-): warn more loudly about unrun tests + Mon Nov 11 20:51:27 1996 Tom Yu <tlyu@mit.edu> * configure.in: Add AC_CANONICAL_HOST to deal with new pre.in. diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 455f42880..333c663e5 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -49,7 +49,10 @@ server-iter-test: iter-test.o $(SRVDEPLIBS) check:: check-@DO_TEST@ check-:: - @echo "Either tcl, runtest, or Perl is unavailable. Kadm5 unit tests not run" + @echo "+++" + @echo "+++ WARNING: lib/kadm5 unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" check-ok unit-test:: unit-test-client unit-test-server diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index 3f74707fb..ca9b83089 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:40:12 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Tue Nov 12 23:41:55 1996 Mark Eichin <eichin@cygnus.com> * kdb_dbm.c: Ditch DB_OPENCLOSE conditionals, and fix the real diff --git a/src/lib/kdb/configure.in b/src/lib/kdb/configure.in index 75c4e40c8..8f04d9824 100644 --- a/src/lib/kdb/configure.in +++ b/src/lib/kdb/configure.in @@ -20,7 +20,7 @@ KRB5_RUN_FLAGS V5_USE_SHARED_LIB KRB5_LIBRARIES V5_SHARED_LIB_OBJS -V5_MAKE_SHARED_LIB(libkdb5,0.1,.., ./kdb) +V5_MAKE_SHARED_LIB(libkdb5,1.0,.., ./kdb) AppendRule([all-unix:: ../libkdb5.a]) KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5 AC_SUBST(KRB5_SH_VERS) diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 27ab65fe1..1c7296b8c 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:40:39 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Thu Nov 7 12:33:06 1996 Theodore Y. Ts'o <tytso@mit.edu> * g_in_tkt.c: diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in index 4e3dd8c0f..2a4c8b3a7 100644 --- a/src/lib/krb4/configure.in +++ b/src/lib/krb4/configure.in @@ -44,7 +44,7 @@ AC_HAVE_FUNCS(strsave seteuid setreuid setresuid) AC_PROG_AWK V5_SHARED_LIB_OBJS SubdirLibraryRule([$(OBJS)]) -V5_MAKE_SHARED_LIB(libkrb4,0.1,.., ./krb4) +V5_MAKE_SHARED_LIB(libkrb4,1.0,.., ./krb4) CopyHeader(krb_err.h,$(EHDRDIR)) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) diff --git a/src/lib/krb5/ChangeLog b/src/lib/krb5/ChangeLog index 00b17c7d8..e77f6b970 100644 --- a/src/lib/krb5/ChangeLog +++ b/src/lib/krb5/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:42:39 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Oct 23 01:15:40 1996 Theodore Y. Ts'o <tytso@mit.edu> * configure.in, Makefile.in: Check to see if the -lgen library diff --git a/src/lib/krb5/configure.in b/src/lib/krb5/configure.in index c612ed7c9..2ac53bdfe 100644 --- a/src/lib/krb5/configure.in +++ b/src/lib/krb5/configure.in @@ -16,7 +16,7 @@ dnl AC_CHECK_LIB(gen,compile,SHLIB_GEN=-lgen,SHLIB_GEN='') AC_SUBST(SHLIB_GEN) dnl -V5_MAKE_SHARED_LIB(libkrb5,0.1,.., ./krb5) +V5_MAKE_SHARED_LIB(libkrb5,1.0,.., ./krb5) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err diff --git a/src/lib/krb5/error_tables/ChangeLog b/src/lib/krb5/error_tables/ChangeLog index 0b60e42c5..6eff8a21a 100644 --- a/src/lib/krb5/error_tables/ChangeLog +++ b/src/lib/krb5/error_tables/ChangeLog @@ -1,3 +1,7 @@ +Tue Nov 19 17:06:26 1996 Barry Jaspan <bjaspan@mit.edu> + + * krb5_err.et: add KRB5_KT_KVNONOTFOUND [krb5-libs/198] + Wed Nov 6 11:15:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * krb5_err.et: Make the KRB5_CONFIG_CANTOPEN and diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index 06af95541..1b4223242 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -300,5 +300,6 @@ error_code KRB5_CONFIG_NODEFREALM, "Configuration file does not specify default error_code KRB5_SAM_UNSUPPORTED, "Bad SAM flags in obtain_sam_padata" error_code KRB5_KT_NAME_TOOLONG, "Keytab name too long" +error_code KRB5_KT_KVNONOTFOUND, "Key version number for principal in key table is incorrect" end diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog index c37f70950..f14e2a030 100644 --- a/src/lib/krb5/keytab/file/ChangeLog +++ b/src/lib/krb5/keytab/file/ChangeLog @@ -1,3 +1,8 @@ +Tue Nov 19 17:06:59 1996 Barry Jaspan <bjaspan@mit.edu> + + * ktf_g_ent.c (krb5_ktfile_get_entry): return KRB5_KT_KVNONOTFOUND + when appropriate [krb5-libs/198] + Wed Jul 24 17:10:11 1996 Theodore Y. Ts'o <tytso@mit.edu> * ktf_g_name.c (krb5_ktfile_get_name): Use the error code diff --git a/src/lib/krb5/keytab/file/ktf_g_ent.c b/src/lib/krb5/keytab/file/ktf_g_ent.c index 4805d5c69..e42dcdbd4 100644 --- a/src/lib/krb5/keytab/file/ktf_g_ent.c +++ b/src/lib/krb5/keytab/file/ktf_g_ent.c @@ -40,6 +40,7 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) { krb5_keytab_entry cur_entry, new_entry; krb5_error_code kerror = 0; + int found_wrong_kvno = 0; /* Open the keyfile for reading */ if ((kerror = krb5_ktfileint_openr(context, id))) @@ -92,14 +93,21 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) krb5_kt_free_entry(context, &cur_entry); cur_entry = new_entry; break; - } + } else + found_wrong_kvno++; } } else { krb5_kt_free_entry(context, &new_entry); } } - if (kerror == KRB5_KT_END) - kerror = cur_entry.principal ? 0 : KRB5_KT_NOTFOUND; + if (kerror == KRB5_KT_END) { + if (cur_entry.principal) + kerror = 0; + else if (found_wrong_kvno) + kerror = KRB5_KT_KVNONOTFOUND; + else + kerror = KRB5_KT_NOTFOUND; + } if (kerror) { (void) krb5_ktfileint_close(context, id); krb5_kt_free_entry(context, &cur_entry); diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index c702d0aa9..18bf88594 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +Thu Nov 21 13:54:01 1996 Ezra Peisach <epeisach@mit.edu> + + * recvauth.c (krb5_recvauth): If there is an error, and the server + argument to krb5_recvauth is NULL, create a dummy server + entry for the krb5_error structure so that krb5_mk_error + will not die with missing required fields. [krb5-libs/209] + Wed Nov 13 14:30:47 1996 Tom Yu <tlyu@mit.edu> * init_ctx.c: Revert previous kt_default_name changes. diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index d6d6772de..d5e7b5fc5 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -57,6 +57,7 @@ krb5_recvauth(context, auth_context, krb5_rcache rcache = 0; krb5_octet response; krb5_data null_server; + int need_error_free = 0; /* * Zero out problem variable. If problem is set at the end of @@ -173,7 +174,14 @@ krb5_recvauth(context, auth_context, memset((char *)&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.stime, &error.susec); - error.server = server; + if(server) + error.server = server; + else { + /* If this fails - ie. ENOMEM we are hosed + we cannot even send the error if we wanted to... */ + (void) krb5_parse_name(context, "????", &error.server); + need_error_free = 1; + } error.error = problem - ERROR_TABLE_BASE_krb5; if (error.error > 127) @@ -190,6 +198,9 @@ krb5_recvauth(context, auth_context, goto cleanup; } free(error.text.data); + if(need_error_free) + krb5_free_principal(context, error.server); + } else { outbuf.length = 0; outbuf.data = 0; diff --git a/src/lib/krb5_16.def b/src/lib/krb5_16.def new file mode 100644 index 000000000..9d9d5e5ef --- /dev/null +++ b/src/lib/krb5_16.def @@ -0,0 +1,65 @@ +;---------------------------------------------------- +; LIBKRB5.DEF - LIBKRB5.DLL module definition file +;---------------------------------------------------- + +LIBRARY LIBKRB5 +DESCRIPTION 'DLL for Kerberos 5' +EXETYPE WINDOWS +CODE PRELOAD MOVEABLE DISCARDABLE +DATA PRELOAD MOVEABLE SINGLE +HEAPSIZE 8192 + +EXPORTS + WEP @1001 RESIDENTNAME + LIBMAIN @1002 + GSS_ACQUIRE_CRED @1 + GSS_RELEASE_CRED @2 + GSS_INIT_SEC_CONTEXT @3 + GSS_ACCEPT_SEC_CONTEXT @4 + GSS_PROCESS_CONTEXT_TOKEN @5 + GSS_DELETE_SEC_CONTEXT @6 + GSS_CONTEXT_TIME @7 + GSS_SIGN @8 + GSS_VERIFY @9 + GSS_SEAL @10 + GSS_UNSEAL @11 + GSS_DISPLAY_STATUS @12 + GSS_INDICATE_MECHS @13 + GSS_COMPARE_NAME @14 + GSS_DISPLAY_NAME @15 + GSS_IMPORT_NAME @16 + GSS_RELEASE_NAME @17 + GSS_RELEASE_BUFFER @18 + GSS_RELEASE_OID_SET @19 + GSS_INQUIRE_CRED @20 +; Kerberos 5 + _krb5_build_principal_ext + KRB5_CC_DEFAULT + KRB5_FREE_ADDRESSES + KRB5_FREE_AP_REP_ENC_PART + KRB5_FREE_CRED_CONTENTS + KRB5_FREE_CREDS + KRB5_FREE_PRINCIPAL + KRB5_GET_CREDENTIALS + KRB5_GET_DEFAULT_REALM + KRB5_GET_IN_TKT_WITH_PASSWORD + KRB5_GET_NOTIFICATION_MESSAGE + KRB5_INIT_CONTEXT + KRB5_INIT_ETS + KRB5_MK_REQ_EXTENDED + KRB5_OS_LOCALADDR + KRB5_PARSE_NAME + KRB5_RD_REP + KRB5_SNAME_TO_PRINCIPAL + KRB5_TIMEOFDAY + KRB5_US_TIMEOFDAY + KRB5_UNPARSE_NAME +;Kadm routines + KRB5_ADM_CONNECT + KRB5_ADM_DISCONNECT + KRB5_FREE_ADM_DATA + KRB5_READ_ADM_REPLY + KRB5_SEND_ADM_CMD +;Com_err routines + _com_err + ERROR_MESSAGE diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 1f815211b..904ca169b 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -19,6 +19,21 @@ Wed Dec 4 12:42:49 1996 Barry Jaspan <bjaspan@mit.edu> recvfrom in order to determine both source and dest address on unconnected UDP socket, set xp_laddr and xp_laddrlen +Fri Nov 22 15:50:42 1996 unknown <bjaspan@mit.edu> + + * get_myaddress.c (get_myaddress): use krb5_os_localaddr instead + of ioctl() to get local IP addresses [krb5-libs/227] + + * clnt_generic.c, clnt_simple.c, getrpcport.c: use sizeof instead + of h_length to determine number of bytes of addr to copy from DNS + response [krb5-misc/211] + +Fri Nov 22 11:49:43 1996 Sam Hartman <hartmans@mit.edu> + + * types.hin: Include stdlib.h if found at config time [203] + + * configure.in: Substitute STDLIB_INCLUDE into types.h. [203] + Tue Nov 12 16:27:27 1996 Barry Jaspan <bjaspan@mit.edu> * auth_gssapi.c (auth_gssapi_create): handle channel bindings diff --git a/src/lib/rpc/clnt_generic.c b/src/lib/rpc/clnt_generic.c index f111c2e14..9eeabe152 100644 --- a/src/lib/rpc/clnt_generic.c +++ b/src/lib/rpc/clnt_generic.c @@ -73,7 +73,7 @@ clnt_create(hostname, prog, vers, proto) sin.sin_family = h->h_addrtype; sin.sin_port = 0; memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); - memmove((char*)&sin.sin_addr, h->h_addr, h->h_length); + memmove((char*)&sin.sin_addr, h->h_addr, sizeof(sin.sin_addr)); p = getprotobyname(proto); if (p == NULL) { rpc_createerr.cf_stat = RPC_UNKNOWNPROTO; diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c index 0d8f7a4df..9b5ba9fa6 100644 --- a/src/lib/rpc/clnt_simple.c +++ b/src/lib/rpc/clnt_simple.c @@ -88,7 +88,8 @@ callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) return ((int) RPC_UNKNOWNHOST); timeout.tv_usec = 0; timeout.tv_sec = 5; - memmove((char *)&server_addr.sin_addr, hp->h_addr, hp->h_length); + memmove((char *)&server_addr.sin_addr, hp->h_addr, + sizeof(server_addr.sin_addr)); server_addr.sin_family = AF_INET; server_addr.sin_port = 0; if ((crp->client = clntudp_create(&server_addr, (rpc_u_int32)prognum, diff --git a/src/lib/rpc/configure.in b/src/lib/rpc/configure.in index c2217044f..dde9d53fa 100644 --- a/src/lib/rpc/configure.in +++ b/src/lib/rpc/configure.in @@ -6,7 +6,11 @@ AC_PROG_ARCHIVE AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL - +dnl Arrange for types.hin to include stdlib.h +AC_CHECK_HEADER(stdlib.h, [ + STDLIB_INCLUDE="#include <stdlib.h>"], + [STDLIB_INCLUDE=""]) +AC_SUBST(STDLIB_INCLUDE) dnl ### Check where struct rpcent is declared. # # This is necessary to determine: diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c index fa4c54e78..7986a384c 100644 --- a/src/lib/rpc/get_myaddress.c +++ b/src/lib/rpc/get_myaddress.c @@ -38,6 +38,46 @@ static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro"; * Copyright (C) 1984, Sun Microsystems, Inc. */ +#ifdef GSSAPI_KRB5 +#include <rpc/types.h> +#include <rpc/pmap_prot.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <krb5.h> +/* + * don't use gethostbyname, which would invoke yellow pages + */ +get_myaddress(addr) + struct sockaddr_in *addr; +{ + krb5_address **addrs, **a; + int ret; + + /* Hack! krb5_os_localaddr does not use the context arg! */ + if (ret = krb5_os_localaddr(NULL, &addrs)) { + com_err("get_myaddress", ret, "calling krb5_os_localaddr"); + exit(1); + } + a = addrs; + while (*a) { + if ((*a)->addrtype == ADDRTYPE_INET) { + memset(addr, 0, sizeof(*addr)); + addr->sin_family = AF_INET; + addr->sin_port = htons(PMAPPORT); + memcpy(&addr->sin_addr, (*a)->contents, sizeof(addr->sin_addr)); + break; + } + a++; + } + if (*a == NULL) { + com_err("get_myaddress", 0, "no local AF_INET address"); + exit(1); + } + /* Hack! krb5_free_addresses does not use the context arg! */ + krb5_free_addresses(NULL, addrs); +} + +#else /* !GSSAPI_KRB5 */ #include <rpc/types.h> #include <rpc/pmap_prot.h> #include <sys/socket.h> @@ -93,3 +133,4 @@ get_myaddress(addr) } (void) close(s); } +#endif /* !GSSAPI_KRB5 */ diff --git a/src/lib/rpc/getrpcport.c b/src/lib/rpc/getrpcport.c index d209a1527..1bc239f94 100644 --- a/src/lib/rpc/getrpcport.c +++ b/src/lib/rpc/getrpcport.c @@ -48,7 +48,7 @@ getrpcport(host, prognum, versnum, proto) if ((hp = gethostbyname(host)) == NULL) return (0); - memmove((char *) &addr.sin_addr, hp->h_addr, hp->h_length); + memmove((char *) &addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr)); addr.sin_family = AF_INET; addr.sin_port = 0; return (pmap_getport(&addr, prognum, versnum, proto)); diff --git a/src/lib/rpc/types.hin b/src/lib/rpc/types.hin index 9bd357d70..8722759cc 100644 --- a/src/lib/rpc/types.hin +++ b/src/lib/rpc/types.hin @@ -61,9 +61,7 @@ typedef unsigned long rpc_u_int32; # define NULL 0 #endif -#if defined(__osf__) -#include <stdlib.h> -#endif +@STDLIB_INCLUDE@ #define mem_alloc(bsize) (char *) malloc(bsize) #define mem_free(ptr, bsize) free(ptr) diff --git a/src/lib/rpc/unit-test/ChangeLog b/src/lib/rpc/unit-test/ChangeLog index 05a3de540..0303efb29 100644 --- a/src/lib/rpc/unit-test/ChangeLog +++ b/src/lib/rpc/unit-test/ChangeLog @@ -1,3 +1,7 @@ +Wed Nov 20 16:00:21 1996 Barry Jaspan <bjaspan@mit.edu> + + * Makefile.in (unit-test-): warn more loudly about unrun tests + Thu Nov 14 22:27:05 1996 Tom Yu <tlyu@mit.edu> * server.c (main): Add declaration of optind for systems that diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in index 3690dc349..26c10c79d 100644 --- a/src/lib/rpc/unit-test/Makefile.in +++ b/src/lib/rpc/unit-test/Makefile.in @@ -29,8 +29,10 @@ client.o server.o: rpc_test.h check unit-test:: unit-test-@DO_TEST@ unit-test-: - @echo "The rpc tests require Perl, Tcl, and runtest" - @echo "No tests run here" + @echo "+++" + @echo "+++ WARNING: lib/rpc unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup |