From lha at h5l.org Wed Sep 12 05:49:27 2012 From: lha at h5l.org (lha at h5l.org) Date: Wed, 12 Sep 2012 05:49:27 +0200 (CEST) Subject: [Heimdal-source-changes] [Heimdal] branch master updated. heimdal-1.5pre2-735-g846f6e0 Message-ID: <20120912034939.4D69673839@svn.h5l.org> The branch master has been updated via 846f6e0 always produce a signature that is the size of the modulus from 12f7c32 dd include flags for test cases. Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 846f6e0e7b76c3738652860ab1665cb497982576 Author: Love Hornquist Astrand Date: Tue Sep 11 20:45:43 2012 -0700 always produce a signature that is the size of the modulus 846f6e0e7b76c3738652860ab1665cb497982576 diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index 0971438..491923a 100644 --- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -740,11 +740,13 @@ rsa_create_signature(hx509_context context, "RSA private encrypt failed: %d", ret); return ret; } - if ((size_t)ret > sig->length) + if (sig->length > (size_t)ret) { + size = sig->length - ret; + memmove((uint8_t *)sig->data + size, sig->data, ret); + memset(sig->data, 0, size); + } else if (sig->length < (size_t)ret) _hx509_abort("RSA signature prelen longer the output len"); - sig->length = ret; - return 0; } ----------------------------------------------------------------------- Summary of changes: lib/hx509/crypto.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) From lha at h5l.org Sun Sep 23 19:43:47 2012 
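Review bot: The `else if (sig->length < (size_t)ret)` branch reports an overrun only after the private-key operation above it has already written `ret` bytes into `sig->data`, so if that condition can ever hold, the write past the buffer has happened before `_hx509_abort` runs. The allocation of `sig->data` and the call itself are outside this hunk, so confirm there that the buffer is sized from the modulus before the call. The new padding block would also benefit from a comment saying why it exists, for example `/* left-pad with zero octets: the signature must be exactly as long as the modulus */`. The abort text `"RSA signature prelen longer the output len"` is hard to parse and could name both lengths. The declaration of `size` and the start of rsa_create_signature are not visible here.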
From: lha at h5l.org (lha at h5l.org) Date: Sun, 23 Sep 2012 19:43:47 +0200 (CEST) Subject: [Heimdal-source-changes] [Heimdal] branch master updated. heimdal-1.5pre2-736-g8fb0c01 Message-ID: <20120923174357.7D97A73839@svn.h5l.org> The branch master has been updated via 8fb0c01 use Getopt::Std, patch original from Leonardo , updated by me from 846f6e0 always produce a signature that is the size of the modulus Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8fb0c019ec28e06389bde434f4a058d533b226bb Author: Love Hornquist Astrand Date: Sun Sep 23 10:41:34 2012 -0700 use Getopt::Std, patch original from Leonardo , updated by me 8fb0c019ec28e06389bde434f4a058d533b226bb diff --git a/cf/make-proto.pl b/cf/make-proto.pl index 055bc4e..bf83e4c 100644 --- a/cf/make-proto.pl +++ b/cf/make-proto.pl @@ -1,8 +1,7 @@ # Make prototypes from .c files # $Id$ -##use Getopt::Std; -require 'getopts.pl'; +use Getopt::Std; use File::Compare; my $comment = 0; @@ -14,7 +13,7 @@ my $oproto = 1; my $private_func_re = "^_"; my %depfunction = (); -Getopts('x:m:o:p:dqE:R:P:') || die "foo"; +getopts('x:m:o:p:dqE:R:P:') || die "foo"; if($opt_d) { $debug = 1; ----------------------------------------------------------------------- Summary of changes: cf/make-proto.pl | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) From lha at h5l.org Sun Sep 23 19:57:11 2012 
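Review bot: `getopts('x:m:o:p:dqE:R:P:') || die "foo";` still fails with the message `foo`, which tells whoever runs the build nothing about what was wrong with the command line; `die "$0: invalid option\n"` would be enough. Called with a single argument, Getopt::Std's getopts stores each option in a package global `$opt_X` (the script reads `$opt_d` just below), so passing a hash reference as the second argument would keep the option state in one lexical. That would also require changing the later `$opt_*` reads, which are outside this hunk.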
From: lha at h5l.org (lha at h5l.org) Date: Sun, 23 Sep 2012 19:57:11 +0200 (CEST) Subject: [Heimdal-source-changes] [Heimdal] branch master updated. heimdal-1.5pre2-737-gdb85d09 Message-ID: <20120923175712.93D8B73839@svn.h5l.org> The branch master has been updated via db85d09 include so that we have a size_t from 8fb0c01 use Getopt::Std, patch original from Leonardo , updated by me Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit db85d0998e4a000ed684e62b9fbfcb484adc9ebd Author: Love Hornquist Astrand Date: Sun Sep 23 10:56:16 2012 -0700 include so that we have a size_t from metanest and https://github.com/heimdal/heimdal/issues/15 db85d0998e4a000ed684e62b9fbfcb484adc9ebd diff --git a/lib/com_err/com_right.h b/lib/com_err/com_right.h index b0857d2..7741684 100644 --- a/lib/com_err/com_right.h +++ b/lib/com_err/com_right.h @@ -58,6 +58,7 @@ #ifdef __STDC__ #include +#include #endif struct error_table { ----------------------------------------------------------------------- Summary of changes: lib/com_err/com_right.h | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) From lha at h5l.org Thu Sep 27 23:01:34 2012 
From: lha at h5l.org (lha at h5l.org) Date: Thu, 27 Sep 2012 23:01:34 +0200 (CEST) Subject: [Heimdal-source-changes] [Heimdal] branch master updated. heimdal-1.5pre2-739-gb0b94a4 Message-ID: <20120927210151.25AC673839@svn.h5l.org> The branch master has been updated via b0b94a4 Add pkg-config files for krb5 libraries via 9ba23d7 guess some code for SUN_PROC_POINT from db85d09 include so that we have a size_t Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9ba23d7da873929924567d1b9f8ff03543bd496b Author: Love Hornquist Astrand Date: Mon Sep 24 21:28:04 2012 -0700 guess some code for SUN_PROC_POINT 9ba23d7da873929924567d1b9f8ff03543bd496b diff --git a/lib/kafs/afssys.c b/lib/kafs/afssys.c index ba492ff..fe37c34 100644 --- a/lib/kafs/afssys.c +++ b/lib/kafs/afssys.c @@ -65,6 +65,32 @@ struct devdata { #define VIOC_SYSCALL_DEV_OPENAFS _IOWR('C', 1, struct devdata) #endif +#ifdef _IOW +#ifdef _ILP32 +struct sundevdata { + uint32_t param6; + uint32_t param5; + uint32_t param4; + uint32_t param3; + uint32_t param2; + uint32_t param1; + uint32_t syscall; +}; +#define VIOC_SUN_SYSCALL_DEV _IOW('C', 2, struct sundevdata) +#else +struct sundevdata { + uint64_t param6; + uint64_t param5; + uint64_t param4; + uint64_t param3; + uint64_t param2; + uint64_t param1; + uint64_t syscall; +}; +#define VIOC_SUN_SYSCALL_DEV _IOW('C', 1, struct sundevdata) +#endif +#endif /* _IOW */ + int _kafs_debug; /* this should be done in a better way */ @@ -77,6 +103,7 @@ int _kafs_debug; /* this should be done in a better way */ #define LINUX_PROC_POINT 5 #define AIX_ENTRY_POINTS 6 #define MACOS_DEV_POINT 7 +#define SUN_PROC_POINT 8 static int afs_entry_point = UNKNOWN_ENTRY_POINT; static int afs_syscalls[2]; 
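Review bot: The Sun-specific `struct sundevdata` and `VIOC_SUN_SYSCALL_DEV` are guarded only by `#ifdef _IOW`, a macro that the ioctl headers of most Unix systems provide, so they will likely be defined on non-Solaris builds as well. Because the k_hasafs hunk later in this commit probes `/dev/afs` under `#ifdef VIOC_SUN_SYSCALL_DEV`, a guessed ioctl request would then be sent to whatever driver owns that node on other platforms. Narrowing the guard, e.g. `#if defined(_IOW) && defined(__sun)`, keeps the probe where it is meant to run. Since the commit message calls this code a guess, a comment above the structs naming the kernel header that the field order (`param6` … `param1`, `syscall`) and the two ioctl numbers (2 under `_ILP32`, 1 otherwise) come from would let the next reader verify them.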
@@ -192,6 +219,12 @@ try_ioctlpath(const char *path, unsigned long ioctlnum, int entrypoint) ret = ioctl(fd, ioctlnum, &data); break; } + case SUN_PROC_POINT: { + struct sundevdata data = { 0, 0, 0, 0, 0, 0, AFSCALL_PIOCTL }; + data.param2 = (unsigned long)VIOCGETTOK; + ret = ioctl(fd, ioctlnum, &data); + break; + } default: abort(); } @@ -273,6 +306,14 @@ k_pioctl(char *a_path, return data.retval; } + case SUN_PROC_POINT: { + struct sundevdata data = { 0, 0, 0, 0, 0, 0, AFSCALL_PIOCTL }; + data.param1 = (unsigned long)a_path; + data.param2 = (unsigned long)o_opcode; + data.param3 = (unsigned long)a_paramsP; + data.param4 = (unsigned long)a_followSymlinks; + return do_ioctl(&data); + } #ifdef _AIX case AIX_ENTRY_POINTS: return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); @@ -331,6 +372,10 @@ k_setpag(void) return ret; return data.retval; } + case SUN_PROC_POINT: { + struct sundevdata data = { 0, 0, 0, 0, 0, 0, AFSCALL_SETPAG }; + return do_ioctl(&data); + } #ifdef _AIX case AIX_ENTRY_POINTS: return Setpag(); @@ -478,6 +523,12 @@ k_hasafs(void) if (ret == 0) goto done; #endif +#ifdef VIOC_SUN_SYSCALL_DEV + ret = try_ioctlpath("/dev/afs", VIOC_SUN_SYSCALL_DEV, SUN_PROC_POINT); + if (ret == 0) + goto done; +#endif + #if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) { ----------------------------------------------------------------------- commit b0b94a445a4283843772c3a4d525e10ba2a98924 Author: Stef Walter Date: Thu Sep 27 13:51:27 2012 +0200 Add pkg-config files for krb5 libraries * These can be used along side krb5-config Signed-off-by: Love Hornquist Astrand b0b94a445a4283843772c3a4d525e10ba2a98924 diff --git a/cf/Makefile.am.common b/cf/Makefile.am.common index f69b86f..9862060 100644 --- a/cf/Makefile.am.common +++ b/cf/Makefile.am.common @@ -1,6 +1,6 @@ # $Id$ -SUFFIXES = .et .h +SUFFIXES = .et .h .pc.in .pc DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include 
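Review bot: `struct sundevdata data = { 0, 0, 0, 0, 0, 0, AFSCALL_PIOCTL };` in the new `case SUN_PROC_POINT` depends on `syscall` being the seventh member of a struct whose fields are declared in reverse order, so any reordering of the struct silently moves the syscall number into a parameter slot. The same positional initializer appears in the k_pioctl and k_setpag hunks of this commit. Zero-initialising and then naming the field, `struct sundevdata data = { 0 }; data.syscall = AFSCALL_PIOCTL;`, removes that dependency without needing C99 designated initializers. try_ioctlpath starts and ends outside the hunk.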
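Review bot: In k_pioctl the new case returns `do_ioctl(&data)` directly, while the case just above it in the hunk ends with `return data.retval;`. `struct sundevdata` has no `retval` member, so the pioctl result presumably comes back as the ioctl return value. do_ioctl is defined outside this hunk, so that is an inference; a one-line comment such as `/* no retval slot on Sun: the ioctl return value is the pioctl result */` would record the intent once confirmed. The pointer arguments are converted with `(unsigned long)`; `(uintptr_t)` states the intent more precisely if `<stdint.h>` is already included for the `uint32_t`/`uint64_t` fields.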
diff --git a/tools/Makefile.am b/tools/Makefile.am index 36eed71..e872b3f 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -6,7 +6,13 @@ bin_SCRIPTS = krb5-config pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = heimdal-gssapi.pc +pkgconfig_DATA = \ + heimdal-gssapi.pc \ + kafs.pc \ + kadm-client.pc \ + kadm-server.pc \ + krb5.pc \ + krb5-gssapi.pc man_MANS = krb5-config.1 @@ -35,8 +41,8 @@ krb5-config: krb5-config.in mv $@.new $@ chmod +x $@ -heimdal-gssapi.pc: heimdal-gssapi.pc.in - $(subst) $(srcdir)/heimdal-gssapi.pc.in > $@.new +.pc.in.pc: + $(subst) $< > $@.new mv $@.new $@ EXTRA_DIST = \ diff --git a/tools/heimdal-gssapi.pc.in b/tools/heimdal-gssapi.pc.in index 1d8f235..e053003 100644 --- a/tools/heimdal-gssapi.pc.in +++ b/tools/heimdal-gssapi.pc.in @@ -8,7 +8,6 @@ Name: @PACKAGE@ Description: Heimdal is an implementation of Kerberos 5, freely available under a three clause BSD style license. Version: @VERSION@ URL: http://www.pdc.kth.se/heimdal/ -#Requires: foo = 1.3.1 -#Conflicts: bar <= 4.5 -Libs: -L${libdir} -lgssapi -lheimntlm -lkrb5 @LIB_pkinit@ -lcom_err @LIB_hcrypto_appl@ -lasn1 -lwind -lroken @LIB_crypt@ @LIB_dlopen@ @LIB_door_create@ @LIBS@ +Requires: krb5 +Libs: -L${libdir} -lgssapi -lheimntlm @LIB_crypt@ Cflags: -I${includedir} diff --git a/tools/kadm-client.pc.in b/tools/kadm-client.pc.in new file mode 100644 index 0000000..7197941 --- /dev/null +++ b/tools/kadm-client.pc.in @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: kadm-client +Description: Kadmin client library. +Version: @VERSION@ +Requires: krb5-gssapi +Libs: -lkadm5clnt diff --git a/tools/kadm-server.pc.in b/tools/kadm-server.pc.in new file mode 100644 index 0000000..d134ca7 --- /dev/null +++ b/tools/kadm-server.pc.in 
@@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: kadm-server +Description: Kadmin server library. +Version: @VERSION@ +Requires: krb5-gssapi +Libs: -lkadm5srv @LIB_dbopen@ diff --git a/tools/kafs.pc.in b/tools/kafs.pc.in new file mode 100644 index 0000000..e45fabc --- /dev/null +++ b/tools/kafs.pc.in @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: kafs +Description: Libraries for application that uses kafs. +Version: @VERSION@ +Requires: krb5 +Libs: -lkafs diff --git a/tools/krb5-gssapi.pc.in b/tools/krb5-gssapi.pc.in new file mode 100644 index 0000000..482b78f --- /dev/null +++ b/tools/krb5-gssapi.pc.in @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +vendor=Heimdal + +Name: krb5-gssapi +Description: Kerberos implementation of the GSS API. +Version: @VERSION@ +Requires: heimdal-gssapi diff --git a/tools/krb5.pc.in b/tools/krb5.pc.in new file mode 100644 index 0000000..4e6c277 --- /dev/null +++ b/tools/krb5.pc.in 
@@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +vendor=Heimdal + +Name: krb5 +Description: Heimdal implementation of the kerberos network authentication. +Version: @VERSION@ +Libs: -L${libdir} -lkrb5 @LIB_pkinit@ -lcom_err @LIB_hcrypto_appl@ -lasn1 -lwind -lheimbase -lroken @LIB_crypt@ @PTHREAD_LIBADD@ @LIB_dlopen@ @LIB_door_create@ @LIBS@ +Cflags: -I${includedir} ----------------------------------------------------------------------- Summary of changes: cf/Makefile.am.common | 2 +- lib/kafs/afssys.c | 51 ++++++++++++++++++++++++++++++++++++++++++++ tools/Makefile.am | 12 +++++++-- tools/heimdal-gssapi.pc.in | 5 +-- tools/kadm-client.pc.in | 10 ++++++++ tools/kadm-server.pc.in | 10 ++++++++ tools/kafs.pc.in | 10 ++++++++ tools/krb5-gssapi.pc.in | 10 ++++++++ tools/krb5.pc.in | 11 +++++++++ 9 files changed, 114 insertions(+), 7 deletions(-) From lha at h5l.org Thu Sep 27 23:27:21 2012 From: lha at h5l.org (lha at h5l.org) Date: Thu, 27 Sep 2012 23:27:21 +0200 (CEST) Subject: [Heimdal-source-changes] [Heimdal] branch master updated. heimdal-1.5pre2-740-g8cc9326 Message-ID: <20120927212741.3C45173839@svn.h5l.org> The branch master has been updated via 8cc9326 Document some GSS-API functions and fix some spelling errors. No code changes. from b0b94a4 Add pkg-config files for krb5 libraries Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8cc9326f64c2e10889ef70456338c088c5a01b3f Author: Marco Molteni Date: Tue Sep 25 10:05:34 2012 +0200 Document some GSS-API functions and fix some spelling errors. No code changes. Signed-off-by: Love Hornquist Astrand 8cc9326f64c2e10889ef70456338c088c5a01b3f diff --git a/lib/gssapi/mech/doxygen.c b/lib/gssapi/mech/doxygen.c index a341cba..e20681a 100644 --- a/lib/gssapi/mech/doxygen.c 
+++ b/lib/gssapi/mech/doxygen.c @@ -39,13 +39,12 @@ * - SPNEGO * - NTLM * - * See @ref gssapi_mechs for more describtion about these mechanisms. - * - * The project web page: http://www.h5l.org/ + * @sa * * - @ref gssapi_services_intro * - @ref gssapi_mechs * - @ref gssapi_api_INvsMN + * - The project web page: http://www.h5l.org/ */ /** @@ -105,27 +104,27 @@ * @page internalVSmechname Internal names and mechanism names * @section gssapi_api_INvsMN Name forms * - * There are two forms of name in GSS-API, Internal form and - * Contiguous string ("flat") form. gss_export_name() and + * There are two name representations in GSS-API: Internal form and + * Contiguous string ("flat") form. Functions gss_export_name() and * gss_import_name() can be used to convert between the two forms. * * - The contiguous string form is described by an oid specificing the * type and an octet string. A special form of the contiguous * string form is the exported name object. The exported name * defined for each mechanism, is something that can be stored and - * complared later. The exported name is what should be used for + * compared later. The exported name is what should be used for * ACLs comparisons. * - * - The Internal form + * - The Internal form is opaque to the application programmer and + * is implementation-dependent. * - * There is also special form of the Internal Name (IN), and that is + * - There is also a special form of the Internal Name (IN), and that is * the Mechanism Name (MN). In the mechanism name all the generic * information is stripped of and only contain the information for * one mechanism. In GSS-API some function return MN and some * require MN as input. Each of these function is marked up as such. * - * - * Describe relationship between import_name, canonicalize_name, + * @TODO Describe relationship between import_name, canonicalize_name, * export_name and friends. */ 
diff --git a/lib/gssapi/mech/gss_display_status.c b/lib/gssapi/mech/gss_display_status.c index 1e508ca..a79ef35 100644 --- a/lib/gssapi/mech/gss_display_status.c +++ b/lib/gssapi/mech/gss_display_status.c @@ -134,25 +134,43 @@ supplementary_error(OM_uint32 v) return msgs[v]; } - +/** + * Convert a GSS-API status code to text + * + * @param minor_status minor status code + * @param status_value status value to convert + * @param status_type One of: + * GSS_C_GSS_CODE - status_value is a GSS status code, + * GSS_C_MECH_CODE - status_value is a mechanism status code + * @param mech_type underlying mechanism. Use GSS_C_NO_OID to obtain the + * system default. + * @param message_context state information to extract further messages from the + * status_value + * @param status_string the allocated text representation. Release with + * gss_release_buffer() + * + * @returns a gss_error code. + * + * @ingroup gssapi + */ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, - OM_uint32 *message_content, + OM_uint32 *message_context, gss_buffer_t status_string) { OM_uint32 major_status; _mg_buffer_zero(status_string); - *message_content = 0; + *message_context = 0; major_status = _gss_mg_get_error(mech_type, status_type, status_value, status_string); if (major_status == GSS_S_COMPLETE) { - *message_content = 0; + *message_context = 0; *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/lib/gssapi/mech/gss_export_name.c b/lib/gssapi/mech/gss_export_name.c index 3e6e626..b1c0c83 100644 --- a/lib/gssapi/mech/gss_export_name.c +++ b/lib/gssapi/mech/gss_export_name.c 
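Review bot: The new `@param message_context` text says the argument carries state used to extract further messages, but the visible body assigns `*message_context = 0;` on entry and again on the `GSS_S_COMPLETE` path without ever reading it. The comment should describe what this implementation does, e.g. `@param message_context set to 0 on return; a single message is produced per status_value`, provided that holds for the rest of the function, which lies outside the hunk. `@param minor_status` could likewise say it is an output, since the body writes `*minor_status = 0`.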
@@ -28,6 +28,20 @@ #include "mech_locl.h" +/** + * Convert a GGS-API name from internal form to contiguous string. + * + * @sa gss_import_name(), @ref internalVSmechname. + * + * @param minor_status minor status code + * @param input_name input name in internal name form + * @param exported_name output name in contiguos string form + * + * @returns a gss_error code, see gss_display_status() about printing + * the error code. + * + * @ingroup gssapi + */ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name(OM_uint32 *minor_status, const gss_name_t input_name, diff --git a/lib/gssapi/mech/gss_import_name.c b/lib/gssapi/mech/gss_import_name.c index d1b3dc9..4c1d940 100644 --- a/lib/gssapi/mech/gss_import_name.c +++ b/lib/gssapi/mech/gss_import_name.c @@ -149,7 +149,7 @@ _gss_import_export_name(OM_uint32 *minor_status, } /** - * Import a name internal or mechanism name + * Convert a GGS-API name from contiguous string to internal form. * * Type of name and their format: * - GSS_C_NO_OID @@ -159,12 +159,12 @@ _gss_import_export_name(OM_uint32 *minor_status, * - GSS_C_NT_ANONYMOUS * - GSS_KRB5_NT_PRINCIPAL_NAME * - * For more information about @ref internalVSmechname. + * @sa gss_export_name(), @ref internalVSmechname. * - * @param minor_status minor status code - * @param input_name_buffer import name buffer - * @param input_name_type type of the import name buffer - * @param output_name the resulting type, release with + * @param minor_status minor status code + * @param input_name_buffer import name buffer + * @param input_name_type type of the import name buffer + * @param output_name the resulting type, release with * gss_release_name(), independent of input_name * * @returns a gss_error code, see gss_display_status() about printing diff --git a/lib/krb5/sendauth.c b/lib/krb5/sendauth.c index d334d34..5011c26 100644 --- a/lib/krb5/sendauth.c +++ b/lib/krb5/sendauth.c 
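Review bot: Both new summary lines spell the API name as `GGS-API` (in gss_export_name.c and again in the gss_import_name.c hunk), and the `exported_name` description has `contiguos`; these typos end up in the generated Doxygen pages. Suggested text: `Convert a GSS-API name from internal form to contiguous string.`, `Convert a GSS-API name from contiguous string to internal form.` and `@param exported_name output name in contiguous string form`.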
@@ -60,6 +60,29 @@ * } */ +/** + * Perform the client side of the sendauth protocol. + * + * @param context Kerberos 5 context. + * @param auth_context Authentication context of the peer. + * @param p_fd Socket associated to the connection. + * @param appl_version Server-specific string. + * @param client Client principal. If NULL, use the credentials in \a ccache. + * @param server Server principal. + * @param ap_req_options Options for the AP_REQ message. See the AP_OPTS_* defines in krb5.h. + * @param in_data FIXME + * @param in_creds FIXME + * @param ccache Credentials cache. If NULL, use the default credentials cache. + * @param ret_error If not NULL, will be set to the error reported by server, if any. + * Must be deallocated with krb5_free_error_contents(). + * @param rep_result If not NULL, will be set to the EncApRepPart of the AP_REP message. + * Must be deallocated with krb5_free_ap_rep_enc_part(). + * @param out_creds FIXME If not NULL, will be set to FIXME. Must be deallocated with + * krb5_free_creds(). + * + * @return 0 to indicate success. Otherwise a Kerberos error code is + * returned, see krb5_get_error_message(). + */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendauth(krb5_context context, krb5_auth_context *auth_context, ----------------------------------------------------------------------- Summary of changes: lib/gssapi/mech/doxygen.c | 19 +++++++++---------- lib/gssapi/mech/gss_display_status.c | 26 ++++++++++++++++++++++---- lib/gssapi/mech/gss_export_name.c | 14 ++++++++++++++ lib/gssapi/mech/gss_import_name.c | 12 ++++++------ lib/krb5/sendauth.c | 23 +++++++++++++++++++++++ 5 files changed, 74 insertions(+), 20 deletions(-)