Source-Changes-HG archive
[src/netbsd-1-5]: src Pull up revisions 1.2-1.3 (requested by assar):
details: https://anonhg.NetBSD.org/src/rev/5af6f2a43a7e
branches: netbsd-1-5
changeset: 491139:5af6f2a43a7e
user: he <he%NetBSD.org@localhost>
date: Thu Apr 05 23:24:01 2001 +0000
description:
Pull up revisions 1.2-1.3 (requested by assar):
Upgrade Heimdal to version 0.3e.
diffstat:
crypto/dist/heimdal/admin/ktutil.c | 15 +-
crypto/dist/heimdal/kadmin/kadmin.c | 34 ++-
crypto/dist/heimdal/kpasswd/kpasswd.c | 17 +-
crypto/dist/heimdal/lib/auth/pam/pam.c | 80 ++++--
crypto/dist/heimdal/lib/gssapi/8003.c | 63 +++++-
crypto/dist/heimdal/lib/gssapi/unwrap.c | 258 +++++++++++++++++++++-
crypto/dist/heimdal/lib/gssapi/verify_mic.c | 181 ++++++++++++++-
crypto/dist/heimdal/lib/gssapi/wrap.c | 299 ++++++++++++++++++++++++--
crypto/dist/heimdal/lib/hdb/hdb-protos.h | 64 +++--
crypto/dist/heimdal/lib/krb5/krb5-protos.h | 282 +++++++++++++++++++++++++-
crypto/dist/heimdal/lib/krb5/principal.c | 140 ++++++++++-
crypto/dist/heimdal/lib/krb5/prog_setup.c | 10 +-
crypto/dist/heimdal/lib/krb5/send_to_kdc.c | 113 ++++++---
crypto/dist/heimdal/lib/krb5/warn.c | 40 +-
crypto/dist/heimdal/lib/roken/roken-common.h | 45 +++-
crypto/dist/heimdal/lib/sl/lex.l | 17 +-
lib/libasn1/shlib_version | 2 +-
lib/libgssapi/shlib_version | 4 +-
lib/libhdb/shlib_version | 4 +-
lib/libkadm5clnt/shlib_version | 2 +-
lib/libkadm5srv/shlib_version | 4 +-
lib/libroken/shlib_version | 4 +-
usr.sbin/hprop/Makefile | 11 +-
23 files changed, 1437 insertions(+), 252 deletions(-)
diffs (truncated from 2814 to 300 lines):
diff -r f7c92858862c -r 5af6f2a43a7e crypto/dist/heimdal/admin/ktutil.c
--- a/crypto/dist/heimdal/admin/ktutil.c Thu Apr 05 23:23:38 2001 +0000
+++ b/crypto/dist/heimdal/admin/ktutil.c Thu Apr 05 23:24:01 2001 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,14 +32,17 @@
*/
#include "ktutil_locl.h"
+#include <err.h>
-RCSID("$Id: ktutil.c,v 1.1.1.1 2000/06/16 18:31:39 thorpej Exp $");
+RCSID("$Id: ktutil.c,v 1.1.1.1.2.1 2001/04/05 23:24:01 he Exp $");
static int help_flag;
static int version_flag;
int verbose_flag;
char *keytab_string;
+static char keytab_buf[256];
+
static int help(int argc, char **argv);
static SL_cmd cmds[] = {
@@ -127,7 +130,9 @@
int optind = 0;
krb5_error_code ret;
set_progname(argv[0]);
- krb5_init_context(&context);
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
if(help_flag)
@@ -143,6 +148,10 @@
if(keytab_string) {
ret = krb5_kt_resolve(context, keytab_string, &keytab);
} else {
+ if(krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)))
+ strlcpy (keytab_buf, "unknown", sizeof(keytab_buf));
+ keytab_string = keytab_buf;
+
ret = krb5_kt_default(context, &keytab);
}
if(ret)
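Review bot: The fallback in the new `else` branch stores the literal `"unknown"` in `keytab_string` when `krb5_kt_default_name` fails and discards that function's error code, so later code cannot tell the placeholder from a real keytab name. If `keytab_string` is only ever printed this is harmless, but any path outside this hunk that resolves or opens `keytab_string` would then act on a keytab called "unknown"; that usage is not visible here and should be confirmed. A comment on the fallback such as `/* display only: do not pass keytab_string to krb5_kt_resolve after this point */` would record the constraint. A default name longer than the 256-byte `keytab_buf` presumably also ends up in this fallback. The enclosing function starts and ends outside the hunk.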
diff -r f7c92858862c -r 5af6f2a43a7e crypto/dist/heimdal/kadmin/kadmin.c
--- a/crypto/dist/heimdal/kadmin/kadmin.c Thu Apr 05 23:23:38 2001 +0000
+++ b/crypto/dist/heimdal/kadmin/kadmin.c Thu Apr 05 23:24:01 2001 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <sl.h>
-RCSID("$Id: kadmin.c,v 1.1.1.1 2000/06/16 18:32:07 thorpej Exp $");
+RCSID("$Id: kadmin.c,v 1.1.1.1.2.1 2001/04/05 23:24:01 he Exp $");
static char *config_file;
static char *keyfile;
@@ -141,6 +141,7 @@
"privileges", get_privs, "privileges",
"Shows which kinds of operations you are allowed to perform."
},
+ { "privs" },
{
"list", list_princs, "list expression...",
"Lists principals in a terse format. The same as `get -t'."
@@ -148,6 +149,7 @@
{ "help", help, "help"},
{ "?"},
{ "exit", exit_kadmin, "exit"},
+ { "quit" },
{ NULL}
};
@@ -183,6 +185,24 @@
char str[128];
kadm5_ret_t ret;
+ int help_flag = 0;
+ struct getargs args[] = {
+ { "help", 'h', arg_flag, NULL }
+ };
+ int num_args = sizeof(args) / sizeof(args[0]);
+ int optind = 0;
+
+ args[0].value = &help_flag;
+
+ if(getarg(args, num_args, argc, argv, &optind)) {
+ arg_printusage (args, num_args, "privileges", NULL);
+ return 0;
+ }
+ if(help_flag) {
+ arg_printusage (args, num_args, "privileges", NULL);
+ return 0;
+ }
+
ret = kadm5_get_privs(kadm_handle, &privs);
if(ret)
krb5_warn(context, ret, "kadm5_get_privs");
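Review bot: The two new `if` blocks in the privileges handler have identical bodies and can be folded into one, `if (getarg(args, num_args, argc, argv, &optind) || help_flag) {`, which keeps the usage text in a single place. The local `optind` declared here also shadows the getopt global of the same name wherever that declaration is in scope, so a distinct name such as `optidx` would read more clearly. The function's signature and end are outside the hunk.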
@@ -204,7 +224,9 @@
set_progname(argv[0]);
- krb5_init_context(&context);
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
while((e = getarg(args, num_args, argc, argv, &optind)))
errx(1, "error at argument `%s'", argv[optind]);
@@ -268,6 +290,12 @@
if(ret)
krb5_err(context, 1, ret, "kadm5_init_with_password");
+
+ signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
+ parser will handle SIGINT its own way;
+ we should really take care of this in
+ each function, f.i `get' might be
+ interruptable, but not `create' */
if (argc != 0) {
ret = sl_command (actual_cmds, argc, argv);
if(ret == -1)
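Review bot: `signal(SIGINT, SIG_IGN)` is installed ahead of both dispatch paths, so the one-shot `sl_command (actual_cmds, argc, argv)` branch appears to run with SIGINT ignored and no command parser to re-arm it; the comment's reasoning covers only the interactive loop. An operator then cannot interrupt a long-running one-shot request from the keyboard. Consider moving the call into the interactive branch, or saving the old disposition with `old = signal(SIGINT, SIG_IGN);` and restoring it with `signal(SIGINT, old);` before the one-shot call. The interactive branch and the rest of the function are outside the hunk, so this should be confirmed there.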
diff -r f7c92858862c -r 5af6f2a43a7e crypto/dist/heimdal/kpasswd/kpasswd.c
--- a/crypto/dist/heimdal/kpasswd/kpasswd.c Thu Apr 05 23:23:38 2001 +0000
+++ b/crypto/dist/heimdal/kpasswd/kpasswd.c Thu Apr 05 23:24:01 2001 +0000
@@ -32,7 +32,7 @@
*/
#include "kpasswd_locl.h"
-RCSID("$Id: kpasswd.c,v 1.1.1.1 2000/06/16 18:31:41 thorpej Exp $");
+RCSID("$Id: kpasswd.c,v 1.1.1.1.2.1 2001/04/05 23:24:02 he Exp $");
static int version_flag;
static int help_flag;
@@ -43,12 +43,9 @@
};
static void
-usage (int ret)
+usage (int ret, struct getargs *a, int num_args)
{
- arg_printusage (args,
- sizeof(args)/sizeof(*args),
- NULL,
- "[principal]");
+ arg_printusage (a, num_args, NULL, "[principal]");
exit (ret);
}
@@ -66,10 +63,10 @@
char pwbuf[BUFSIZ];
optind = krb5_program_setup(&context, argc, argv,
- args, sizeof(args) / sizeof(args[0]), NULL);
+ args, sizeof(args) / sizeof(args[0]), usage);
if (help_flag)
- usage (0);
+ usage (0, args, sizeof(args) / sizeof(args[0]));
if(version_flag){
print_version (NULL);
@@ -86,11 +83,11 @@
argv += optind;
if (argc > 1)
- usage(1);
+ usage (1, args, sizeof(args) / sizeof(args[0]));
ret = krb5_init_context (&context);
if (ret)
- errx (1, "krb5_init_context: %s", krb5_get_err_text(context, ret));
+ errx (1, "krb5_init_context failed: %d", ret);
if(argv[0]) {
ret = krb5_parse_name (context, argv[0], &principal);
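Review bot: `context` is handed to `krb5_program_setup(&context, ...)` in the earlier hunk at -66 and then to `krb5_init_context (&context)` here, so if the setup helper already initialises the context the second call overwrites it and the first one is never freed. prog_setup.c is changed by this commit but is not shown in the truncated diff, so this needs checking against it; if it does initialise the context, the `krb5_init_context` call and its `errx` can be dropped. Both hunks appear to belong to the same function, whose start and end are outside the visible lines.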
diff -r f7c92858862c -r 5af6f2a43a7e crypto/dist/heimdal/lib/auth/pam/pam.c
--- a/crypto/dist/heimdal/lib/auth/pam/pam.c Thu Apr 05 23:23:38 2001 +0000
+++ b/crypto/dist/heimdal/lib/auth/pam/pam.c Thu Apr 05 23:24:01 2001 +0000
@@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include<config.h>
-RCSID("$Id: pam.c,v 1.1.1.1 2000/06/16 18:32:41 thorpej Exp $");
+RCSID("$Id: pam.c,v 1.1.1.1.2.1 2001/04/05 23:24:02 he Exp $");
#endif
#include <stdio.h>
@@ -60,11 +60,11 @@
#endif
static void
-log_error(int level, const char *format, ...)
+psyslog(int level, const char *format, ...)
{
va_list args;
va_start(args, format);
- openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
+ openlog("pam_krb4", LOG_PID, LOG_AUTH);
vsyslog(level | LOG_AUTH, format, args);
va_end(args);
closelog();
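Review bot: Dropping `LOG_CONS` from `psyslog` means the `LOG_ALERT` messages it carries (the unrecognized-option report and the setreuid-failure report in later hunks) no longer fall back to the console when syslogd cannot be reached, while the hunk at -128 adds `LOG_CONS` to the debug logger `pdeb`. If the swap is intentional, a one-line comment above `openlog` saying why would help; otherwise the alert path is the one that should keep `openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);`. Calling `openlog`/`closelog` on every message also changes the host process's syslog settings from inside a PAM module, which predates this change.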
@@ -115,7 +115,7 @@
break;
if (j >= KRB4_CTRLS)
- log_error(LOG_ALERT, "unrecognized option [%s]", *argv);
+ psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
else
ctrl_flags |= krb4_args[j].flag;
}
@@ -128,13 +128,13 @@
if (ctrl_off(KRB4_DEBUG))
return;
va_start(args, format);
- openlog("pam_krb4", LOG_PID, LOG_AUTH);
- vsyslog(LOG_DEBUG | LOG_AUTH, format, args);
+ openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
+ vsyslog(LOG_DEBUG, format, args);
va_end(args);
closelog();
}
-#define ENTRY(f) pdeb("%s() ruid = %d euid = %d", f, getuid(), geteuid())
+#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
static void
set_tkt_string(uid_t uid)
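Review bot: The rewritten `ENTRY(func)` macro reads a variable named `flags` that it does not take as a parameter, so it only compiles inside functions that have an integer `flags` in scope and silently picks up whichever one is visible. Passing it explicitly, `#define ENTRY(func, flags) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())`, or at least a comment stating the requirement, makes the dependency visible. `getuid()` and `geteuid()` return `uid_t` but are printed with `%d`; casting them to `int` keeps the format and the argument types matched.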
@@ -182,9 +182,14 @@
old_euid = geteuid();
setreuid(0, 0);
ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
- if (setreuid(old_ruid, old_euid) != 0)
+ pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
+ name, inst, realm, krb_verify,
+ krb_get_err_text(ret));
+ setreuid(old_ruid, old_euid);
+ if (getuid() != old_ruid || geteuid() != old_euid)
{
- log_error(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
+ psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
+ old_ruid, old_euid, __LINE__);
exit(1);
}
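Review bot: The new `pdeb(...)` call sits between `setreuid(0, 0)` and the restore, so the syslog round trip (openlog, vsyslog, closelog) runs with root real and effective uid and lengthens the privileged window beyond the `krb_verify_user` call that needs it. Moving the `pdeb` below the `getuid() != old_ruid || geteuid() != old_euid` check keeps that window minimal, and `ret` is still available there. Comparing the uids directly is a stronger test than the old return-value check, but `old_ruid` and `old_euid` are still formatted with `%d` and would be better cast, e.g. `(int)old_ruid`. The surrounding function begins and ends outside the hunk.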
@@ -220,7 +225,7 @@
ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
if (ret != PAM_SUCCESS)
{
- log_error(LOG_ERR , "pam_get_item returned error to get-password");
+ psyslog(LOG_ERR , "pam_get_item returned error to get-password");
return ret;
}
else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
@@ -271,6 +276,8 @@
struct passwd *pw;
uid_t uid = -1;
const char *name, *inst;
+ char realm[REALM_SZ];
+ realm[0] = 0;
parse_ctrl(argc, argv);
ENTRY("pam_sm_authenticate");
@@ -316,11 +323,9 @@
*/
if (ret == PAM_SUCCESS && inst[0] != 0)
{
- char realm[REALM_SZ];
uid_t old_euid = geteuid();
uid_t old_ruid = getuid();
- realm[0] = 0;
setreuid(0, 0); /* To read ticket file. */
if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
ret = PAM_SERVICE_ERR;
@@ -334,28 +339,44 @@
if (ret != PAM_SUCCESS)
{
dest_tkt(); /* Passwd known, ok to kill ticket. */
- log_error(LOG_NOTICE,
- "%s.%s@%s is not allowed to log in as %s",
- name, inst, realm, user);
+ psyslog(LOG_NOTICE,
+ "%s.%s@%s is not allowed to log in as %s",
+ name, inst, realm, user);
}