Fix DES_INT32 definition

Intial merge of KfM des library API. Update krb.h to use offsets from krb_err.et constants as error codes. Fix up definitions of KRB4_32, KRB_INT32, KRB_UINT32. ticket: 1189 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14904 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2002-09-27 04:26:59 +0000
committer: Tom Yu <tlyu@mit.edu> 2002-09-27 04:26:59 +0000
commit: 505c79ff465e719a5c22d80047a54aee7e3cf4f6 (patch)
tree: dc0c6a9b11327c98dd7b1795e8ddb6a37d76dd9b /src
parent: 16f8791b67032adfc3282675a4d40f60acd0e58d (diff)
download: krb5-505c79ff465e719a5c22d80047a54aee7e3cf4f6.tar.gz
krb5-505c79ff465e719a5c22d80047a54aee7e3cf4f6.tar.xz
krb5-505c79ff465e719a5c22d80047a54aee7e3cf4f6.zip
18 files changed, 439 insertions, 219 deletions
diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog
index 46ea0826a..b4cd422c1 100644
--- a/src/include/kerberosIV/ChangeLog
+++ b/src/include/kerberosIV/ChangeLog
@@ -1,3 +1,14 @@
+2002-09-26  Tom Yu  <tlyu@mit.edu>
+
+	* des.h: Some initial work for KfM integration.  Clean up
+	DES_INT32 selection.  Set up for inclusion by
+	lib/crypto/des/des_int.h, which will define a special macro to
+	prevent the krb4-specific stuff from being declared.
+
+	* krb.h: Initial work for KfM integration.  Fix up KRB4_32, and
+	add KRB_INT32, KRB_UINT32.  Change all error code macros to be
+	offsets from krb_err.et symbols.
+
 2002-09-18  Ken Raeburn  <raeburn@mit.edu>
 
 	* krb.h: Add extern "C" markers in case a C++ compiler is used.
diff --git a/src/include/kerberosIV/des.h b/src/include/kerberosIV/des.h
index 8ec32da2e..46a4f527d 100644
--- a/src/include/kerberosIV/des.h
+++ b/src/include/kerberosIV/des.h
@@ -1,8 +1,8 @@
 /*
  * include/kerberosIV/des.h
  *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -26,10 +26,82 @@
  * Include file for the Data Encryption Standard library.
  */
 
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+	#include <TargetConditionals.h>
+    #if TARGET_RT_MAC_CFM
+        #error "Use KfM 4.0 SDK headers for CFM compilation."
+    #endif
+#endif
+
+#ifndef KRB5INT_DES_TYPES_DEFINED
+#define KRB5INT_DES_TYPES_DEFINED
+
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma import on
+        #pragma enumsalwaysint on
+    #endif
+    #pragma options align=mac68k
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8];	/* crypto-block size */
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 is ever more than 4 bytes.
+ * The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32].  If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions.  We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16];
+
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma enumsalwaysint reset
+        #pragma import reset
+    #endif
+	#pragma options align=reset
+#endif
+
+#endif /* KRB5INT_DES_TYPES_DEFINED */
+
 /* only do the whole thing once	 */
 #ifndef DES_DEFS
+/*
+ * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily
+ * to avoid including the defintions and declarations below.  The
+ * reason that the crypto library needs to include this file is that
+ * it needs to have its types aligned with krb4's types.
+ */
+#ifndef KRB5INT_CRYPTO_DES_INT
 #define DES_DEFS
 
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma import on
+        #pragma enumsalwaysint on
+    #endif
+    #pragma options align=mac68k
+#endif
+
 #if defined(_WIN32) && !defined(_WINDOWS)
 #define _WINDOWS
 #endif
@@ -40,9 +112,6 @@
 #endif
 #include <win-mac.h>
 #endif
-#ifdef __STDC__
-#include <limits.h>
-#endif
 #include <stdio.h> /* need FILE for des_cblock_print_file */
 
 /* Windows declarations */
@@ -51,50 +120,6 @@
 #define KRB5_CALLCONV_C
 #endif
 
-#ifndef KRB4_32
-#ifdef SIZEOF_INT
-#if SIZEOF_INT >= 4
-#define KRB4_32 int
-#else  /* !(SIZEOF_INT >= 4) */
-#define KRB4_32 long
-#endif /* !(SIZEOF_INT >= 4) */
-#else  /* !defined(SIZEOF_INT) */
-#ifdef __STDC__
-#if INT_MAX >= 0x7fffffff
-#define KRB4_32 int
-#else  /* !(INT_MAX >= 0x7ffffff) */
-#define KRB4_32 long
-#endif /* !(INT_MAX >= 0x7ffffff) */
-#else  /* !defined(__STDC__) */
-#define KRB4_32 long		/* worst case */
-#endif /* !defined(__STDC__) */
-#endif /* !defined(SIZEOF_INT) */
-#endif /* !defined(KRB4_32) */
-
-/* Key schedule */
-/* Ick.  We need this in here unfortunately... */
-#ifndef DES_INT32
-#define DES_INT32 KRB4_32
-#endif
-
-/*
- *
- * NOTE WELL:
- *
- * This section must be kept in sync with lib/crypto/des/des_int.h,
- * until we get around to actually combining them at the source level.
- * We can't right now, because both the Mac and Windows platforms are
- * using their own versions of krb4 des.h, and that's the one that
- * would have to have the definitions because we install it under UNIX.
- *
- */
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-typedef unsigned char des_cblock[8];	/* crypto-block size */
-typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16];
-#endif
-/* end sync */
-
 #define DES_KEY_SZ 	(sizeof(des_cblock))
 #define DES_ENCRYPT	1
 #define DES_DECRYPT	0
@@ -119,7 +144,6 @@ typedef struct des_ks_struct bit_64;
 
 #define des_cblock_print(x) des_cblock_print_file(x, stdout)
 
-
 /*
  * Function Prototypes
  */
@@ -132,25 +156,24 @@ des_pcbc_encrypt (C_Block *in, C_Block *out, long length,
 		  int enc);
 
 unsigned long KRB5_CALLCONV
-des_quad_cksum (const unsigned char *in, unsigned KRB4_32 *out,
+des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out,
 		long length, int out_count, C_Block *seed);
-
+/*
+ * XXX ABI change: used to return void; also, cns/kfm have signed long
+ * instead of unsigned long length.
+ */
+unsigned long KRB5_CALLCONV
+des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long,
+	      const des_key_schedule, const des_cblock *);
 int KRB5_CALLCONV des_string_to_key (const char *, C_Block);
 
-/* new */
-#ifdef KRB5_GENERAL__
-/* Why are we using krb5 types as part of this API?  */
-void KRB5_CALLCONV
-des_cbc_cksum(const krb5_octet *, krb5_octet *, unsigned long,
-	      const des_key_schedule, const krb5_octet *);
-int des_cbc_encrypt(krb5_octet *, krb5_octet *, unsigned long,
-		    const des_key_schedule, const krb5_octet *, int);
-krb5_error_code des_read_password(des_cblock *, char *, int);
-#endif
-/* The unsigned long pointers are indicative of the desired alignment;
-   the values there aren't really treated as long values.  */
-int KRB5_CALLCONV des_ecb_encrypt(unsigned long *, unsigned long *,
-					      const des_key_schedule, int);
+/* XXX ABI change: used to return krb5_error_code */
+int KRB5_CALLCONV des_read_password(des_cblock *, char *, int);
+int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *,
+				  const des_key_schedule, int);
+/* XXX kfm/cns have signed long length */
+int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long,
+		    const des_key_schedule, const des_cblock *, int);
 void des_fixup_key_parity(des_cblock);
 int des_check_key_parity(des_cblock);
 int KRB5_CALLCONV des_new_random_key(des_cblock);
@@ -159,4 +182,51 @@ int des_random_key(des_cblock *);
 int des_is_weak_key(des_cblock);
 void des_cblock_print_file(des_cblock *, FILE *fp);
 
+#if TARGET_OS_MAC
+
+/*
+ * Stuff ported from KfM follows...
+ */
+
+void afs_string_to_key(char *, char *, des_cblock);
+
+/*
+ * AFS string2key support; they should be considered internal, but KfM
+ * exposes them.
+ */
+char *des_crypt(const char *, const char *);
+char *des_fcrypt(const char *, const char *, char *);
+int des_set_key(des_cblock *, des_key_schedule);
+
+/*
+ * internal used by des_read_password, but kfm exposes it
+ */
+int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
+
+void des_3cbc_encrypt(des_cblock *, des_cblock *, long, des_key_schedule, des_key_schedule, des_key_schedule, des_cblock *, int);
+void des_3ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, des_key_schedule, des_key_schedule, int);
+
+/*
+ * Should be internal to crypto/des/f_sched.c, but KfM exposes it.
+ */
+int make_key_sched(des_cblock *, des_key_schedule);
+
+/*
+ * XXX need to implement the following three:
+ */
+void des_generate_random_block(des_cblock);
+void des_set_random_generator_seed(des_cblock);
+void des_set_sequence_number(des_cblock);
+
+#endif /* TARGET_OS_MAC */
+
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma enumsalwaysint reset
+        #pragma import reset
+    #endif
+	#pragma options align=reset
+#endif
+
+#endif /* KRB5INT_CRYPTO_DES_INT */
 #endif	/* DES_DEFS */
diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h
index 8e22835c1..30376bcfd 100644
--- a/src/include/kerberosIV/krb.h
+++ b/src/include/kerberosIV/krb.h
@@ -33,6 +33,10 @@
 /* Need some defs from des.h	 */
 #include <kerberosIV/des.h>
 
+#define KRB4_32		DES_INT32
+#define KRB_INT32	DES_INT32
+#define KRB_UINT32	DES_UINT32
+
 #ifdef _WINDOWS
 #include <time.h>
 #endif /* _WINDOWS */
@@ -41,22 +45,10 @@
 #define		MAX_KRB_ERRORS	256
 extern const char *const krb_err_txt[MAX_KRB_ERRORS];
 
-/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
-#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
-#define FD_ZERO(p)  ((p)->fds_bits[0] = 0)
-#define FD_SET(n, p)   ((p)->fds_bits[0] |= (1 << (n)))
-#define FD_ISSET(n, p)   ((p)->fds_bits[0] & (1 << (n)))
-#endif /* ULTRIX022 || SunOS */
-
 /* General definitions */
 #define		KSUCCESS	0
 #define		KFAILURE	255
 
-#ifdef NO_UIDGID_T
-typedef unsigned short uid_t;
-typedef unsigned short gid_t;
-#endif /* NO_UIDGID_T */
-
 /*
  * Kerberos specific definitions 
  *
@@ -92,7 +84,7 @@ typedef unsigned short gid_t;
 #define		MAX_HSTNM	100
 
 #ifndef DEFAULT_TKT_LIFE		/* allow compile-time override */
-#define DEFAULT_TKT_LIFE	255	/* default lifetime for krb_mk_req */
+#define DEFAULT_TKT_LIFE	120	/* default lifetime for krb_mk_req */
 #endif
 
 /* Definition of text structure used to pass text around */
@@ -160,6 +152,10 @@ struct credentials {
     KRB4_32 issue_date;		/* The issue time */
     char    pname[ANAME_SZ];	/* Principal's name */
     char    pinst[INST_SZ];	/* Principal's instance */
+#if TARGET_OS_MAC
+    KRB_UINT32 address;			/* Address in ticket */
+    KRB_UINT32 stk_type;		/* string_to_key function needed */
+#endif
 };
 
 typedef struct credentials CREDENTIALS;
@@ -186,88 +182,89 @@ typedef struct msg_dat MSG_DAT;
 #define TKT_ROOT        "/tmp/tkt"
 #endif /* PC */
 
-/* Error codes returned from the KDC */
-#define		KDC_OK		0	/* Request OK */
-#define		KDC_NAME_EXP	1	/* Principal expired */
-#define		KDC_SERVICE_EXP	2	/* Service expired */
-#define		KDC_AUTH_EXP	3	/* Auth expired */
-#define		KDC_PKT_VER	4	/* Protocol version unknown */
-#define		KDC_P_MKEY_VER	5	/* Wrong master key version */
-#define		KDC_S_MKEY_VER 	6	/* Wrong master key version */
-#define		KDC_BYTE_ORDER	7	/* Byte order unknown */
-#define		KDC_PR_UNKNOWN	8	/* Principal unknown */
-#define		KDC_PR_N_UNIQUE 9	/* Principal not unique */
-#define		KDC_NULL_KEY   10	/* Principal has null key */
-#define		KDC_GEN_ERR    20	/* Generic error from KDC */
+#include "kerberosIV/krb_err.h"		/* XXX FIXME! */
+#define KRB_ET(x)	((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
 
+/* Error codes returned from the KDC */
+#define	KDC_OK		KRB_ET(KSUCCESS)	/*  0 - Request OK */
+#define	KDC_NAME_EXP	KRB_ET(KDC_NAME_EXP)	/*  1 - Principal expired */
+#define	KDC_SERVICE_EXP	KRB_ET(KDC_SERVICE_EXP)	/*  2 - Service expired */
+#define	KDC_AUTH_EXP	KRB_ET(KDC_AUTH_EXP)	/*  3 - Auth expired */
+#define	KDC_PKT_VER	KRB_ET(KDC_PKT_VER)	/*  4 - Prot version unknown */
+#define	KDC_P_MKEY_VER	KRB_ET(KDC_P_MKEY_VER)	/*  5 - Wrong mkey version */
+#define	KDC_S_MKEY_VER 	KRB_ET(KDC_S_MKEY_VER)	/*  6 - Wrong mkey version */
+#define	KDC_BYTE_ORDER	KRB_ET(KDC_BYTE_ORDER)	/*  7 - Byte order unknown */
+#define	KDC_PR_UNKNOWN	KRB_ET(KDC_PR_UNKNOWN)	/*  8 - Princ unknown */
+#define	KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE)	/*  9 - Princ not unique */
+#define	KDC_NULL_KEY	KRB_ET(KDC_NULL_KEY)	/* 10 - Princ has null key */
+#define	KDC_GEN_ERR	KRB_ET(KDC_GEN_ERR)	/* 20 - Generic err frm KDC */
 
 /* Values returned by get_credentials */
-#define		GC_OK		0	/* Retrieve OK */
-#define		RET_OK		0	/* Retrieve OK */
-#define		GC_TKFIL       21	/* Can't read ticket file */
-#define		RET_TKFIL      21	/* Can't read ticket file */
-#define		GC_NOTKT       22	/* Can't find ticket or TGT */
-#define		RET_NOTKT      22	/* Can't find ticket or TGT */
-
+#define	GC_OK		KRB_ET(KSUCCESS)	/*  0 - Retrieve OK */
+#define	RET_OK		KRB_ET(KSUCCESS)	/*  0 - Retrieve OK */
+#define	GC_TKFIL	KRB_ET(GC_TKFIL)	/* 21 - Can't rd tkt file */
+#define	RET_TKFIL	KRB_ET(GC_TKFIL)	/* 21 - Can't rd tkt file */
+#define	GC_NOTKT	KRB_ET(GC_NOTKT)	/* 22 - Can't find tkt|TGT */
+#define	RET_NOTKT	KRB_ET(GC_NOTKT)	/* 22 - Can't find tkt|TGT */
 
 /* Values returned by mk_ap_req	 */
-#define		MK_AP_OK	0	/* Success */
-#define		MK_AP_TGTEXP   26	/* TGT Expired */
+#define	MK_AP_OK	KRB_ET(KSUCCESS)	/*  0 - Success */
+#define	MK_AP_TGTEXP	KRB_ET(MK_AP_TGTEXP)	/* 26 - TGT Expired */
 
 /* Values returned by rd_ap_req */
-#define		RD_AP_OK	0	/* Request authentic */
-#define		RD_AP_UNDEC    31	/* Can't decode authenticator */
-#define		RD_AP_EXP      32	/* Ticket expired */
-#define		RD_AP_NYV      33	/* Ticket not yet valid */
-#define		RD_AP_REPEAT   34	/* Repeated request */
-#define		RD_AP_NOT_US   35	/* The ticket isn't for us */
-#define		RD_AP_INCON    36	/* Request is inconsistent */
-#define		RD_AP_TIME     37	/* delta_t too big */
-#define		RD_AP_BADD     38	/* Incorrect net address */
-#define		RD_AP_VERSION  39	/* protocol version mismatch */
-#define		RD_AP_MSG_TYPE 40	/* invalid msg type */
-#define		RD_AP_MODIFIED 41	/* message stream modified */
-#define		RD_AP_ORDER    42	/* message out of order */
-#define		RD_AP_UNAUTHOR 43	/* unauthorized request */
+#define	RD_AP_OK	KRB_ET(KSUCCESS)	/*  0 - Request authentic */
+#define	RD_AP_UNDEC	KRB_ET(RD_AP_UNDEC)	/* 31 - Can't decode authent */
+#define	RD_AP_EXP	KRB_ET(RD_AP_EXP)	/* 32 - Ticket expired */
+#define	RD_AP_NYV	KRB_ET(RD_AP_NYV)	/* 33 - Ticket not yet valid */
+#define	RD_AP_REPEAT	KRB_ET(RD_AP_REPEAT)	/* 34 - Repeated request */
+#define	RD_AP_NOT_US	KRB_ET(RD_AP_NOT_US)	/* 35 - Ticket isn't for us */
+#define	RD_AP_INCON	KRB_ET(RD_AP_INCON)	/* 36 - Request inconsistent */
+#define	RD_AP_TIME	KRB_ET(RD_AP_TIME)	/* 37 - delta_t too big */
+#define	RD_AP_BADD	KRB_ET(RD_AP_BADD)	/* 38 - Incorrect net addr */
+#define	RD_AP_VERSION	KRB_ET(RD_AP_VERSION)	/* 39 - prot vers mismatch */
+#define	RD_AP_MSG_TYPE	KRB_ET(RD_AP_MSG_TYPE)	/* 40 - invalid msg type */
+#define	RD_AP_MODIFIED	KRB_ET(RD_AP_MODIFIED)	/* 41 - msg stream modified */
+#define	RD_AP_ORDER	KRB_ET(RD_AP_ORDER)	/* 42 - message out of order */
+#define	RD_AP_UNAUTHOR	KRB_ET(RD_AP_UNAUTHOR)	/* 43 - unauthorized request */
 
 /* Values returned by get_pw_tkt */
-#define		GT_PW_OK	0	/* Got password changing tkt */
-#define		GT_PW_NULL     51	/* Current PW is null */
-#define		GT_PW_BADPW    52	/* Incorrect current password */
-#define		GT_PW_PROT     53	/* Protocol Error */
-#define		GT_PW_KDCERR   54	/* Error returned by KDC */
-#define		GT_PW_NULLTKT  55	/* Null tkt returned by KDC */
-
+#define	GT_PW_OK	KRB_ET(KSUCCESS)	/*  0 - Got passwd chg tkt */
+#define	GT_PW_NULL	KRB_ET(GT_PW_NULL)	/* 51 - Current PW is null */
+#define	GT_PW_BADPW	KRB_ET(GT_PW_BADPW)	/* 52 - Wrong passwd */
+#define	GT_PW_PROT	KRB_ET(GT_PW_PROT)	/* 53 - Protocol Error */
+#define	GT_PW_KDCERR	KRB_ET(GT_PW_KDCERR)	/* 54 - Error ret by KDC */
+#define	GT_PW_NULLTKT	KRB_ET(GT_PW_NULLTKT)	/* 55 - Null tkt ret by KDC */
 
 /* Values returned by send_to_kdc */
-#define		SKDC_OK		0	/* Response received */
-#define		SKDC_RETRY     56	/* Retry count exceeded */
-#define		SKDC_CANT      57	/* Can't send request */
+#define	SKDC_OK		KRB_ET(KSUCCESS)	/*  0 - Response received */
+#define	SKDC_RETRY	KRB_ET(SKDC_RETRY)	/* 56 - Retry count exceeded */
+#define	SKDC_CANT	KRB_ET(SKDC_CANT)	/* 57 - Can't send request */
 
 /*
  * Values returned by get_intkt
  * (can also return SKDC_* and KDC errors)
  */
 
-#define		INTK_OK		0	/* Ticket obtained */
-#define		INTK_W_NOTALL  61	/* Not ALL tickets returned */
-#define		INTK_BADPW     62	/* Incorrect password */
-#define		INTK_PROT      63	/* Protocol Error */
-#define		INTK_ERR       70	/* Other error */
+#define	INTK_OK		KRB_ET(KSUCCESS)	/*  0 - Ticket obtained */
+#define	INTK_PW_NULL	KRB_ET(GT_PW_NULL)	/* 51 - Current PW is null */
+#define	INTK_W_NOTALL	KRB_ET(INTK_W_NOTALL)	/* 61 - Not ALL tkts retd */
+#define	INTK_BADPW	KRB_ET(INTK_BADPW)	/* 62 - Incorrect password */
+#define	INTK_PROT	KRB_ET(INTK_PROT)	/* 63 - Protocol Error */
+#define	INTK_ERR	KRB_ET(INTK_ERR)	/* 70 - Other error */
 
 /* Values returned by get_adtkt */
-#define         AD_OK           0	/* Ticket Obtained */
-#define         AD_NOTGT       71	/* Don't have tgt */
+#define AD_OK		KRB_ET(KSUCCESS)	/*  0 - Ticket Obtained */
+#define AD_NOTGT	KRB_ET(AD_NOTGT)	/* 71 - Don't have tgt */
 
 /* Error codes returned by ticket file utilities */
-#define		NO_TKT_FIL	76	/* No ticket file found */
-#define		TKT_FIL_ACC	77	/* Couldn't access tkt file */
-#define		TKT_FIL_LCK	78	/* Couldn't lock ticket file */
-#define		TKT_FIL_FMT	79	/* Bad ticket file format */
-#define		TKT_FIL_INI	80	/* tf_init not called first */
+#define	NO_TKT_FIL	KRB_ET(NO_TKT_FIL)	/* 76 - No ticket file found */
+#define	TKT_FIL_ACC	KRB_ET(TKT_FIL_ACC)	/* 77 - Can't acc tktfile */
+#define	TKT_FIL_LCK	KRB_ET(TKT_FIL_LCK)	/* 78 - Can't lck tkt file */
+#define	TKT_FIL_FMT	KRB_ET(TKT_FIL_FMT)	/* 79 - Bad tkt file format */
+#define	TKT_FIL_INI	KRB_ET(TKT_FIL_INI)	/* 80 - tf_init not called */
 
 /* Error code returned by kparse_name */
-#define		KNAME_FMT	81	/* Bad Kerberos name format */
+#define	KNAME_FMT	KRB_ET(KNAME_FMT)	/* 81 - Bad krb name fmt */
 
 /* Error code returned by krb_mk_safe */
 #define		SAFE_PRIV_ERROR	-1	/* syscall error */
@@ -648,6 +645,24 @@ extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key);
 
 #endif
 
+#if TARGET_OS_MAC
+/* The following functions are not part of the standard Kerberos v4 API. 
+ * They were created for Mac implementation, and used by admin tools 
+ * such as CNS-Config. */
+extern int KRB5_CALLCONV
+krb_get_num_cred(void);
+
+extern int INTERFACE
+krb_get_nth_cred(char *, char *, char *, int);
+
+extern int INTERFACE
+krb_delete_cred(char *, char *,char *);
+
+extern int INTERFACE
+dest_all_tkts(void);
+
+#endif /* TARGET_OS_MAC */
+
 #ifdef _WINDOWS
 HINSTANCE get_lib_instance(void);
 unsigned int krb_get_notification_message(void);
diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog
index 254324fbc..d1246b641 100644
--- a/src/lib/crypto/des/ChangeLog
+++ b/src/lib/crypto/des/ChangeLog
@@ -1,3 +1,21 @@
+2002-09-26  Tom Yu  <tlyu@mit.edu>
+
+	* afsstring2key.c (krb5_afs_crypt): Leak this function out as as
+	mit_afs_crypt to allow for des_crypt and des_fcrypt
+	implementations for the KfM merge.
+
+	* des_int.h: Change DES_INT32 strategy to include kerberosIV/des.h
+	with a magic macro defined for skipping krb4-specific stuff.  Make
+	renaming of make_key_sched explicit, to avoid conflict with
+	kerberosIV/des.h.
+
+	* f_sched.c, key_sched.c, d3_kysched.c: Make renaming of
+	make_key_sched explicit.
+
+	* f_cksum.c (mit_des_cbc_cksum): Return only the rightmost 32
+	bits; this should optimize out on any platform where longs are
+	exactly 32 bits wide.
+
 2002-08-29  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in: Revert $(S)=>/ change, for Windows support.
diff --git a/src/lib/crypto/des/afsstring2key.c b/src/lib/crypto/des/afsstring2key.c
index 8773397f5..0fe65ba01 100644
--- a/src/lib/crypto/des/afsstring2key.c
+++ b/src/lib/crypto/des/afsstring2key.c
@@ -61,7 +61,8 @@
 #include "des_int.h"
 #include <ctype.h>
 
-static char *afs_crypt (char*,char*,char*);
+#define afs_crypt mit_afs_crypt
+char *afs_crypt (const char *, const char *, char *);
 
 #undef min
 #define min(a,b) ((a)>(b)?(b):(a))
@@ -337,9 +338,9 @@ static const char	S[8][64] = {
 };
  
  
-static char *afs_crypt(pw, salt, iobuf)
-     char *pw;
-     char *salt;
+char *afs_crypt(pw, salt, iobuf)
+     const char *pw;
+     const char *salt;
      char *iobuf;		/* must be at least 16 bytes */
 {
 	int i, j, c;
diff --git a/src/lib/crypto/des/d3_kysched.c b/src/lib/crypto/des/d3_kysched.c
index 6d9c27697..2bc93a9a2 100644
--- a/src/lib/crypto/des/d3_kysched.c
+++ b/src/lib/crypto/des/d3_kysched.c
@@ -28,9 +28,9 @@ mit_des3_key_sched(k,schedule)
     mit_des3_cblock k;
     mit_des3_key_schedule schedule;
 {
-    make_key_sched(k[0],schedule[0]);
-    make_key_sched(k[1],schedule[1]);
-    make_key_sched(k[2],schedule[2]);
+    mit_des_make_key_sched(k[0],schedule[0]);
+    mit_des_make_key_sched(k[1],schedule[1]);
+    mit_des_make_key_sched(k[2],schedule[2]);
 
     if (!mit_des_check_key_parity(k[0]))	/* bad parity --> return -1 */
 	return(-1);
diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h
index 1b2a35141..25612767e 100644
--- a/src/lib/crypto/des/des_int.h
+++ b/src/lib/crypto/des/des_int.h
@@ -1,8 +1,8 @@
 /*
  * lib/crypto/des/des_int.h
  *
- * Copyright 1987, 1988, 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -64,40 +64,10 @@
 #ifndef KRB5_MIT_DES__
 #define KRB5_MIT_DES__
 
-#ifndef DES_INT32
-#ifdef SIZEOF_INT
-#if SIZEOF_INT >= 4
-#define DES_INT32 int
-#else
-#define DES_INT32 long
-#endif
-#else /* !defined(SIZEOF_INT) */
-#include <limits.h>
-#if (UINT_MAX >= 0xffffffff)
-#define DES_INT32 int
-#else
-#define DES_INT32 long
-#endif
-#endif /* !defined(SIZEOF_INT) */
-#endif /* !defined(DES_INT32) */
+#define KRB5INT_CRYPTO_DES_INT	/* skip krb4-specific DES stuff */
+#include "kerberosIV/des.h"	/* for des_key_schedule, etc. */
+#undef KRB5INT_CRYPTO_DES_INT	/* don't screw other inclusions of des.h */
 
-/*
- *
- * NOTE WELL:
- *
- * This section must be kept in sync with include/kerberosIV/des.h,
- * until we get around to actually combining them at the source level.
- * We can't right now, because both the Mac and Windows platforms are
- * using their own versions of krb4 des.h, and that's the one that
- * would have to have the definitions because we install it under UNIX.
- *
- */
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-typedef unsigned char des_cblock[8];	/* crypto-block size */
-typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16];
-#endif
-/* end sync */
 typedef des_cblock mit_des_cblock;
 typedef des_key_schedule mit_des_key_schedule;
 
@@ -217,8 +187,7 @@ krb5_error_code mit_des_combine_subkeys
 int mit_des_pcbc_encrypt ();
 
 /* f_sched.c */
-#define make_key_sched mit_des_make_key_sched
-int make_key_sched (mit_des_cblock, mit_des_key_schedule);
+int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule);
 
 
 /* misc.c */
diff --git a/src/lib/crypto/des/f_cksum.c b/src/lib/crypto/des/f_cksum.c
index 87b9c7f4b..8c80751de 100644
--- a/src/lib/crypto/des/f_cksum.c
+++ b/src/lib/crypto/des/f_cksum.c
@@ -120,5 +120,5 @@ mit_des_cbc_cksum(in, out, length, schedule, ivec)
 	 * inconsistantly (with the low order byte of the checksum
 	 * not always in the low order byte of the DES_INT32).  We won't.
 	 */
-	return right;
+	return right & 0xFFFFFFFFUL;
 }
diff --git a/src/lib/crypto/des/f_sched.c b/src/lib/crypto/des/f_sched.c
index 6dbde1fcd..a3b1bf0e4 100644
--- a/src/lib/crypto/des/f_sched.c
+++ b/src/lib/crypto/des/f_sched.c
@@ -220,7 +220,7 @@ static const unsigned DES_INT32 PC2_D[4][64] = {
  * Permute the key to give us our key schedule.
  */
 int
-make_key_sched(key, schedule)
+mit_des_make_key_sched(key, schedule)
      mit_des_cblock key;
      mit_des_key_schedule schedule;
 {
diff --git a/src/lib/crypto/des/key_sched.c b/src/lib/crypto/des/key_sched.c
index c84451dbc..b28c16fae 100644
--- a/src/lib/crypto/des/key_sched.c
+++ b/src/lib/crypto/des/key_sched.c
@@ -50,7 +50,7 @@ mit_des_key_sched(k,schedule)
     mit_des_cblock k;
     mit_des_key_schedule schedule;
 {
-    make_key_sched(k,schedule);
+    mit_des_make_key_sched(k,schedule);
 
     if (!mit_des_check_key_parity(k))	/* bad parity --> return -1 */
 	return(-1);
diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog
index 92f569f1f..70ee74139 100644
--- a/src/lib/des425/ChangeLog
+++ b/src/lib/des425/ChangeLog
@@ -1,3 +1,29 @@
+2002-09-26  Tom Yu  <tlyu@mit.edu>
+
+	* cksum.c (des_cbc_cksum): Update API for KfM merge.
+
+	* des.c (des_ecb_encrypt): Update API for KfM merge.
+	(des_3ecb_encrypt): New (emulated) function from KfM.
+
+	* enc_dec.c (des_cbc_encrypt): Update API for KfM merge.
+	(des_3cbc_encrypt): New (emulated) function from KfM.
+
+	* key_sched.c (make_key_sched): New (emulated) function for KfM.
+
+	* new_rnd_key.c (des_generate_random_block) 
+	(des_set_random_generator_seed, des_set_sequence_number):
+	New (emulated) functions from KfM.
+
+	* read_passwd.c (des_rd_pwstr_2prompt): Renamed from
+	des_read_pw_string; also now only returns -1, errno, or 0.
+	(des_read_pw_string): New (emulated) function from KfM.
+	(des_read_password): Update API for KfM merge.
+
+	* str_to_key.c (des_string_to_key): Update call to des_cbc_cksum.
+	(afs_string_to_key): New (emulated) function from KfM.
+	(des_crypt, des_fcrypt, des_set_key): New (emulated) functions
+	from KfM, presumed to be internal but exported by KfM anyway.
+
 2002-08-29  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in: Revert $(S)=>/ change, for Windows support.
diff --git a/src/lib/des425/cksum.c b/src/lib/des425/cksum.c
index d2c3f058f..33b5322ac 100644
--- a/src/lib/des425/cksum.c
+++ b/src/lib/des425/cksum.c
@@ -55,13 +55,14 @@
  * multiple of eight bytes.
  */
 
-void KRB5_CALLCONV
+unsigned long KRB5_CALLCONV
 des_cbc_cksum(in,out,length,key,iv)
-    const krb5_octet  *in;		/* >= length bytes of inputtext */
-    krb5_octet  *out;			/* >= length bytes of outputtext */
+    const des_cblock  *in;		/* >= length bytes of inputtext */
+    des_cblock  *out;			/* >= length bytes of outputtext */
     register unsigned long length;	/* in bytes */
     const mit_des_key_schedule key;	/* precomputed key schedule */
-    const krb5_octet  *iv;		/* 8 bytes of ivec */
+    const des_cblock  *iv;		/* 8 bytes of ivec */
 {
-	mit_des_cbc_cksum(in, out, length, key, iv);
+    return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out,
+			     length, key, (krb5_octet *)iv);
 }
diff --git a/src/lib/des425/des.c b/src/lib/des425/des.c
index e8132a7a3..df636d238 100644
--- a/src/lib/des425/des.c
+++ b/src/lib/des425/des.c
@@ -31,14 +31,25 @@
 
 int KRB5_CALLCONV
 des_ecb_encrypt(clear, cipher, schedule, enc)
-    unsigned long *clear;
-    unsigned long *cipher;
+    des_cblock *clear;
+    des_cblock *cipher;
     const mit_des_key_schedule schedule;
     int enc;		/* 0 ==> decrypt, else encrypt */
 {
     static const des_cblock iv;
 
-    return (mit_des_cbc_encrypt((const des_cblock *) clear,
-				(des_cblock *) cipher,
+    return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher,
 				8, schedule, iv, enc));
 }
+
+#if TARGET_OS_MAC
+void
+des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher,
+		 des_key_schedule ks1, des_key_schedule ks2,
+		 des_key_schedule ks3, int enc)
+{
+    static const des_cblock iv;
+
+    mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc);
+}
+#endif
diff --git a/src/lib/des425/enc_dec.c b/src/lib/des425/enc_dec.c
index f7e4ac80e..a25b744f6 100644
--- a/src/lib/des425/enc_dec.c
+++ b/src/lib/des425/enc_dec.c
@@ -32,15 +32,27 @@
 
 int
 des_cbc_encrypt(in,out,length,key,iv,enc)
-    krb5_octet   *in;	/* >= length bytes of input text */
-    krb5_octet  *out;		/* >= length bytes of output text */
+    des_cblock   *in;	/* >= length bytes of input text */
+    des_cblock  *out;		/* >= length bytes of output text */
     register unsigned long length;	/* in bytes */
     const mit_des_key_schedule key;		/* precomputed key schedule */
-    const krb5_octet *iv;		/* 8 bytes of ivec */
+    const des_cblock *iv;		/* 8 bytes of ivec */
     int enc;		/* 0 ==> decrypt, else encrypt */
 {
 	return (mit_des_cbc_encrypt((const des_cblock *) in,
-                                (des_cblock *) out,
-                                length, key, iv, enc));
+				    out, length, key,
+				    (const unsigned char *)iv, /* YUCK! */
+				    enc));
 }
 
+#if TARGET_OS_MAC
+void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length,
+		      des_key_schedule ks1, des_key_schedule ks2,
+		      des_key_schedule ks3, des_cblock *iv, int enc)
+{
+    mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length,
+			 ks1, ks2, ks3,
+			 (const unsigned char *)iv, /* YUCK! */
+			 enc);
+}
+#endif
diff --git a/src/lib/des425/key_sched.c b/src/lib/des425/key_sched.c
index 70f61ce5e..0034ff375 100644
--- a/src/lib/des425/key_sched.c
+++ b/src/lib/des425/key_sched.c
@@ -38,3 +38,10 @@ des_key_sched(k,schedule)
 {
     return (mit_des_key_sched(k, schedule));
 }
+
+#if TARGET_OS_MAC
+int make_key_sched(des_cblock *k, des_key_schedule schedule)
+{
+    return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */
+}
+#endif
diff --git a/src/lib/des425/new_rnd_key.c b/src/lib/des425/new_rnd_key.c
index 73dd8a243..1f50f9e59 100644
--- a/src/lib/des425/new_rnd_key.c
+++ b/src/lib/des425/new_rnd_key.c
@@ -54,6 +54,7 @@
 
 #include "des_int.h"
 #include "des.h"
+#include "k5-int.h"
 
 void
 des_init_random_number_generator(key)
@@ -93,3 +94,27 @@ des_new_random_key(key)
 
     return 0;
 }
+
+#if TARGET_OS_MAC
+
+void des_generate_random_block(des_cblock block)
+{
+    krb5_data data;
+
+    data.length = sizeof(des_cblock);
+    data.data = (char *)block;
+    if (krb5_c_random_make_octets(/* XXX */ 0, &data))
+	abort();		/* XXX */
+}
+
+void des_set_random_generator_seed(des_cblock block)
+{
+    des_init_random_number_generator(block); /* XXX */
+}
+
+void des_set_sequence_number(des_cblock block)
+{
+    des_init_random_number_generator(block); /* XXX */
+}
+
+#endif
diff --git a/src/lib/des425/read_passwd.c b/src/lib/des425/read_passwd.c
index 2c77cfdb7..0a56f4822 100644
--- a/src/lib/des425/read_passwd.c
+++ b/src/lib/des425/read_passwd.c
@@ -45,7 +45,6 @@
 static jmp_buf pwd_jump;
 
 static krb5_sigtype intr_routine (int);
-krb5_error_code des_read_pw_string (char *, int, char *, char *);
 
 static krb5_sigtype
 intr_routine(signo)
@@ -55,10 +54,13 @@ intr_routine(signo)
     /*NOTREACHED*/
 }
 
+/* This is re-declared here because des.h might not declare it. */
+int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
+static int des_rd_pwstr_2prompt(char *, int, char *, char *);
 
 /*** Routines ****************************************************** */
-krb5_error_code
-des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
+static int
+des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2)
     char *return_pwd;
     int bufsize_in;
     char *prompt;
@@ -68,7 +70,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
     register char *ptr;
     int scratchchar;
     krb5_sigtype (*volatile ointrfunc)();
-    krb5_error_code errcode;
+    int errcode;
     size_t bufsize = bufsize_in;
 #ifndef ECHO_PASSWORD
     struct termios echo_control, save_control;
@@ -88,7 +90,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
 #endif /* ECHO_PASSWORD */
 
     if (setjmp(pwd_jump)) {
-	errcode = KRB5_LIBOS_PWDINTR; 	/* we were interrupted... */
+	errcode = -1;		/* we were interrupted... */
 	goto cleanup;
     }
     /* save intrfunc */
@@ -101,7 +103,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
 
     if (fgets(return_pwd, bufsize_in, stdin) == NULL) {
 	(void) putchar('\n');
-	errcode = KRB5_LIBOS_CANTREADPWD;
+	errcode = -1;
 	goto cleanup;
     }
     (void) putchar('\n');
@@ -127,7 +129,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
 	(void) memset((char *)readin_string, 0, bufsize);
 	if (fgets((char *)readin_string, bufsize_in, stdin) == NULL) {
 	    (void) putchar('\n');
-	    errcode = KRB5_LIBOS_CANTREADPWD;
+	    errcode = -1;
 	    goto cleanup;
 	}
 	(void) putchar('\n');
@@ -141,7 +143,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
 	    
 	/* compare */
 	if (strncmp(return_pwd, (char *)readin_string, bufsize)) {
-	    errcode = KRB5_LIBOS_BADPWDMATCH;
+	    errcode = -1;
 	    goto cleanup;
 	}
     }
@@ -164,27 +166,39 @@ cleanup:
     return errcode;
 }
 
-krb5_error_code
-des_read_password/*_v4_compat_crock*/(k,prompt,verify)
+int KRB5_CALLCONV
+des_read_password(k,prompt,verify)
     mit_des_cblock *k;
     char *prompt;
     int	verify;
 {
-    krb5_error_code ok;
+    int ok;
     char key_string[BUFSIZ];
+
+    ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify);
+    if (ok == 0)
+	des_string_to_key(key_string, *k);
+
+    memset(key_string, 0, sizeof (key_string));
+    return ok;
+}
+
+int KRB5_CALLCONV
+des_read_pw_string(s, max, prompt, verify)
+    char *s;
+    int max;
+    char *prompt;
+    int	verify;
+{
+    int ok;
     char prompt2[BUFSIZ];
 
     if (verify) {
 	strcpy(prompt2, "Verifying, please re-enter ");
 	strncat(prompt2, prompt, sizeof(prompt2)-(strlen(prompt2)+1));
+	prompt2[sizeof(prompt2)-1] = '\0';
     }
-    ok = des_read_pw_string(key_string, sizeof(key_string),
-			    prompt, verify ? prompt2 : 0);
-    
-    if (ok == 0)
-	des_string_to_key(key_string, *k);
-
-    memset(key_string, 0, sizeof (key_string));
+    ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0);
     return ok;
 }
 
diff --git a/src/lib/des425/str_to_key.c b/src/lib/des425/str_to_key.c
index 369b426ee..ccbf80621 100644
--- a/src/lib/des425/str_to_key.c
+++ b/src/lib/des425/str_to_key.c
@@ -129,8 +129,8 @@ des_string_to_key(str,key)
 
     /* Now one-way encrypt it with the folded key */
     (void) des_key_sched(key, key_sked);
-    (void) des_cbc_cksum((const unsigned char *) in_str, key, length,
-			 key_sked, key);
+    (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key,
+			 length, key_sked, (const des_cblock *)key);
     /* erase key_sked */
     memset(key_sked, 0,sizeof(key_sked));
 
@@ -149,3 +149,43 @@ des_string_to_key(str,key)
 				/* return an int, and ANSI compilers */
 				/* can do dumb things sometimes */
 }
+
+#if TARGET_OS_MAC
+char *mit_afs_crypt (const char *, const char *, const char *);
+
+void afs_string_to_key(char *str, char *cell, des_cblock key)
+{
+    krb5_data str_data;
+    krb5_data cell_data;
+    krb5_keyblock keyblock;
+
+    str_data.data = str;
+    str_data.length = strlen(str);
+    cell_data.data = cell;
+    cell_data.length = strlen(cell);
+    keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    keyblock.length = sizeof(des_cblock);
+    keyblock.contents = key;
+
+    mit_afs_string_to_key(&keyblock, &str_data, &cell_data);
+}
+
+char *des_crypt(const char *str, const char *salt)
+{
+    char afs_buf[16];
+
+    return des_fcrypt(str, salt, afs_buf);
+}
+
+char *des_fcrypt(const char *str, const char *salt, char *buf)
+{
+    return mit_afs_crypt(str, salt, buf);
+}
+
+/* Is this correct? */
+int des_set_key(des_cblock *key, des_key_schedule schedule)
+{
+    return make_key_sched(key, schedule);
+}
+
+#endif /* TARGET_OS_MAC */
author	Tom Yu <tlyu@mit.edu>	2002-09-27 04:26:59 +0000
committer	Tom Yu <tlyu@mit.edu>	2002-09-27 04:26:59 +0000
commit	505c79ff465e719a5c22d80047a54aee7e3cf4f6 (patch)
tree	dc0c6a9b11327c98dd7b1795e8ddb6a37d76dd9b /src
parent	16f8791b67032adfc3282675a4d40f60acd0e58d (diff)
download	krb5-505c79ff465e719a5c22d80047a54aee7e3cf4f6.tar.gz krb5-505c79ff465e719a5c22d80047a54aee7e3cf4f6.tar.xz krb5-505c79ff465e719a5c22d80047a54aee7e3cf4f6.zip